From 6bede2fd229395f34c321a37efa2ea93e7b1a7ba Mon Sep 17 00:00:00 2001
From: Philip Häusler <msquare@notrademark.de>
Date: Sun, 28 Dec 2014 13:44:56 +0100
Subject: harden the sql queries

---
 includes/pages/user_questions.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'includes/pages/user_questions.php')

diff --git a/includes/pages/user_questions.php b/includes/pages/user_questions.php
index be7f9930..0a2786d1 100644
--- a/includes/pages/user_questions.php
+++ b/includes/pages/user_questions.php
@@ -7,9 +7,9 @@ function user_questions() {
   global $user;
   
   if (! isset($_REQUEST['action'])) {
-    $open_questions = sql_select("SELECT * FROM `Questions` WHERE `AID` IS NULL AND `UID`=" . sql_escape($user['UID']));
+    $open_questions = sql_select("SELECT * FROM `Questions` WHERE `AID` IS NULL AND `UID`='" . sql_escape($user['UID']) . "'");
     
-    $answered_questions = sql_select("SELECT * FROM `Questions` WHERE NOT `AID` IS NULL AND `UID`=" . sql_escape($user['UID']));
+    $answered_questions = sql_select("SELECT * FROM `Questions` WHERE NOT `AID` IS NULL AND `UID`='" . sql_escape($user['UID']) . "'");
     foreach ($answered_questions as &$question) {
       $answer_user_source = User($question['AID']);
       if ($answer_user_source === false)
@@ -23,7 +23,7 @@ function user_questions() {
       case 'ask':
         $question = strip_request_item_nl('question');
         if ($question != "") {
-          $result = sql_query("INSERT INTO `Questions` SET `UID`=" . sql_escape($user['UID']) . ", `Question`='" . sql_escape($question) . "'");
+          $result = sql_query("INSERT INTO `Questions` SET `UID`='" . sql_escape($user['UID']) . "', `Question`='" . sql_escape($question) . "'");
           if ($result === false)
             engelsystem_error(_("Unable to save question."));
           success(_("You question was saved."));
@@ -39,9 +39,9 @@ function user_questions() {
         else
           return error(_("Incomplete call, missing Question ID."), true);
         
-        $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
+        $question = sql_select("SELECT * FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1");
         if (count($question) > 0 && $question[0]['UID'] == $user['UID']) {
-          sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1");
+          sql_query("DELETE FROM `Questions` WHERE `QID`='" . sql_escape($id) . "' LIMIT 1");
           redirect(page_link_to("user_questions"));
         } else
           return page_with_title(questions_title(), array(
-- 
cgit v1.2.3-54-g00ecf