From 459e929311d8806f604c0b914ba4b37aa731fbfc Mon Sep 17 00:00:00 2001
From: Star Rauchenberger
Date: Mon, 8 Jan 2024 21:09:05 +0000
Subject: Migrated to mysqli
---
 comic.php | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
(limited to 'comic.php')
diff --git a/comic.php b/comic.php
index 1e94abc..e8333bb 100755
--- a/comic.php
+++ b/comic.php
@@ -8,11 +8,14 @@ if (!isset($_GET['id']))
 exit;
 }
 
-$getcomic = "SELECT * FROM comics WHERE filename = \"" . mysqli_real_escape_string($mysql_conn, $_GET['id']) . ".png\"";
-$getcomic2 = mysql_query($getcomic);
-$getcomic3 = mysql_fetch_array($getcomic2);
-
-if ($getcomic3['filename'] != ($_GET['id'] . '.png'))
+$getcomic = $mysql_conn->prepare("SELECT * FROM comics WHERE filename = ?");
+$real_filename = $_GET['id'] . ".png";
+$getcomic->bind_param("s", $real_filename);
+$getcomic->execute();
+$getcomic2 = $getcomic->get_result();
+$getcomic3 = $getcomic2->fetch_assoc();
+
+if ($getcomic3['filename'] != $real_filename)
 {
 header('Location: /');
 exit;
-- 
cgit 1.4.1
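Review bot: The not-found case in the new `if` is handled only implicitly: `fetch_assoc()` returns null when no row matches, so `$getcomic3['filename']` indexes null and the redirect fires only because null compares unequal to the string, with a notice or warning depending on the PHP version. Make the check explicit and strict, `if ($getcomic3 === null || $getcomic3['filename'] !== $real_filename)`. Separately, `isset($_GET['id'])` also passes for `?id[]=x`, so `$_GET['id'] . ".png"` can receive an array; an `is_string()` test belongs in the guard above, which starts outside this hunk, and the redirect block's closing brace is also outside it. Whether `prepare()` can return false here depends on the mysqli error mode set where `$mysql_conn` is created, which is not visible, so a failed prepare may need its own check before `bind_param()`.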