1 files changed, 12 insertions, 7 deletions

@@ -2,9 +2,11 @@
 
 if (is_numeric($_GET['season']))
 {
-        $getseason = "SELECT * FROM seasons WHERE season_id = " . $_GET['season'];
-        $getseason2 = mysql_query($getseason);
-        $getseason3 = mysql_fetch_array($getseason2);
+  $getseason = $mysql_conn->prepare("SELECT * FROM seasons WHERE season_id = ?");
+  $getseason->bind_param("i", $_GET['season']);
+  $getseason->execute();
+        $getseason2 = $getseason->get_result();
+        $getseason3 = $getseason2->fetch_assoc();
 }
 
 if (isset($getseason3) && ($getseason3['season_id'] == $_GET['season']))
@@ -18,13 +20,16 @@ if (isset($getseason3) && ($getseason3['season_id'] == $_GET['season']))
 
 if (!is_null($getseason3['last_comic_id']))
 {
-        $getcomics = "SELECT * FROM comics WHERE status = \"publish\" AND comic_id >= " . $getseason3['first_comic_id'] . " AND comic_id <= " . $getseason3['last_comic_id'] . " ORDER BY comic_id ASC";
+  $getcomics = $mysql_conn->prepare("SELECT * FROM comics WHERE status = \"publish\" AND comic_id >= ? AND comic_id <= ? ORDER BY comic_id ASC");
+  $getcomics->bind_param("ii", $getseason3["first_comic_id"], $getseason3["last_comic_id"]);
 } else {
-        $getcomics = "SELECT * FROM comics WHERE status = \"publish\" AND comic_id >= " . $getseason3['first_comic_id'] . " ORDER BY comic_id ASC";
+  $getcomics = $mysql_conn->prepare("SELECT * FROM comics WHERE status = \"publish\" AND comic_id >= ? ORDER BY comic_id ASC");
+  $getcomics->bind_param("i", $getseason3["first_comic_id"]);
 }
 
-$getcomics2 = mysql_query($getcomics);
-while ($getcomics3 = mysql_fetch_array($getcomics2))
+$getcomics->execute();
+$getcomics2 = $getcomics->get_result();
+foreach ($getcomics2 as $getcomics3)
 {
 ?>                              <LI><A HREF="/comic<?php echo($getcomics3['comic_id']); ?>.htm"><?php echo($getcomics3['title']); ?></A></LI>
 <?php