Migrated to mysqli HEAD master

author: Star Rauchenberger <fefferburbia@gmail.com> 2024-01-08 21:09:05 +0000
committer: Star Rauchenberger <fefferburbia@gmail.com> 2024-01-08 21:09:05 +0000
commit: 459e929311d8806f604c0b914ba4b37aa731fbfc (patch)
tree: d81247d7ee4f768c9df552df07aad6d6896047f8 /comic.php
parent: 5b892eafafb1f41bab1a20f1524cef144042e3e1 (diff)
download: pillowcase-master.tar.gz
pillowcase-master.tar.bz2
pillowcase-master.zip
1 files changed, 8 insertions, 5 deletions
diff --git a/comic.php b/comic.php
index 1e94abc..e8333bb 100755
--- a/comic.php
+++ b/comic.php

@@ -8,11 +8,14 @@ if (!isset($_GET['id']))
        exit;
 }
-$getcomic = "SELECT * FROM comics WHERE filename = \"" . mysqli_real_escape_string($mysql_conn, $_GET['id']) . ".png\"";
+$getcomic = $mysql_conn->prepare("SELECT * FROM comics WHERE filename = ?");
-$getcomic2 = mysql_query($getcomic);
+$real_filename = $_GET['id'] . ".png";
-$getcomic3 = mysql_fetch_array($getcomic2);
+$getcomic->bind_param("s", $real_filename);
+$getcomic->execute();
-if ($getcomic3['filename'] != ($_GET['id'] . '.png'))
+$getcomic2 = $getcomic->get_result();
+$getcomic3 = $getcomic2->fetch_assoc();
+if ($getcomic3['filename'] != $real_filename)
 {
        header('Location: /');
        exit;
author	Star Rauchenberger <fefferburbia@gmail.com>	2024-01-08 21:09:05 +0000
committer	Star Rauchenberger <fefferburbia@gmail.com>	2024-01-08 21:09:05 +0000
commit	459e929311d8806f604c0b914ba4b37aa731fbfc (patch)
tree	d81247d7ee4f768c9df552df07aad6d6896047f8 /comic.php
parent	5b892eafafb1f41bab1a20f1524cef144042e3e1 (diff)
download	pillowcase-master.tar.gz pillowcase-master.tar.bz2 pillowcase-master.zip

diff --git a/comic.php b/comic.php index 1e94abc..e8333bb 100755 --- a/comic.php +++ b/comic.php
@@ -8,11 +8,14 @@ if (!isset($_GET['id']))
8	exit;	8	exit;
9	}	9	}
10		10
11	$getcomic = "SELECT * FROM comics WHERE filename = \"" . mysqli_real_escape_string($mysql_conn, $_GET['id']) . ".png\"";	11	$getcomic = $mysql_conn->prepare("SELECT * FROM comics WHERE filename = ?");
12	$getcomic2 = mysql_query($getcomic);	12	$real_filename = $_GET['id'] . ".png";
13	$getcomic3 = mysql_fetch_array($getcomic2);	13	$getcomic->bind_param("s", $real_filename);
14		14	$getcomic->execute();
15	if ($getcomic3['filename'] != ($_GET['id'] . '.png'))	15	$getcomic2 = $getcomic->get_result();
		16	$getcomic3 = $getcomic2->fetch_assoc();
		17
		18	if ($getcomic3['filename'] != $real_filename)
16	{	19	{
17	header('Location: /');	20	header('Location: /');
18	exit;	21	exit;