From 6bede2fd229395f34c321a37efa2ea93e7b1a7ba Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Sun, 28 Dec 2014 13:44:56 +0100 Subject: harden the sql queries --- includes/model/UserGroups_model.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'includes/model/UserGroups_model.php') diff --git a/includes/model/UserGroups_model.php b/includes/model/UserGroups_model.php index 1d018386..766f402f 100644 --- a/includes/model/UserGroups_model.php +++ b/includes/model/UserGroups_model.php @@ -9,7 +9,7 @@ function User_groups($user) { SELECT `Groups`.* FROM `UserGroups` JOIN `Groups` ON `Groups`.`UID`=`UserGroups`.`group_id` - WHERE `UserGroups`.`uid`=" . sql_escape($user['UID']) . " + WHERE `UserGroups`.`uid`='" . sql_escape($user['UID']) . "' ORDER BY `UserGroups`.`group_id` "); } -- cgit v1.2.3-54-g00ecf