From 5b892eafafb1f41bab1a20f1524cef144042e3e1 Mon Sep 17 00:00:00 2001
From: Star Rauchenberger
Date: Mon, 8 Jan 2024 20:31:32 +0000
Subject: sql injection prevention
---
 comic.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'comic.php')
diff --git a/comic.php b/comic.php
index 352060b..1e94abc 100755
--- a/comic.php
+++ b/comic.php
@@ -8,7 +8,7 @@ if (!isset($_GET['id']))
 exit;
 }
-$getcomic = "SELECT * FROM comics WHERE filename = \"" . $_GET['id'] . ".png\"";
+$getcomic = "SELECT * FROM comics WHERE filename = \"" . mysqli_real_escape_string($mysql_conn, $_GET['id']) . ".png\"";
 $getcomic2 = mysql_query($getcomic);
 $getcomic3 = mysql_fetch_array($getcomic2);
-- 
cgit 1.4.1
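Review bot: The added `mysqli_real_escape_string($mysql_conn, …)` call feeds a query that the next two lines still run through `mysql_query()` and `mysql_fetch_array()`, so escaping and execution use two different extensions. If `$mysql_conn` is a legacy `mysql_connect()` resource (its definition is outside the hunk), the mysqli call would most likely fail and return no usable value, and the lookup would stop matching. Escaping also keeps the query dependent on the connection charset and on the hand-written quotes around the value. I would bind the filename as a parameter and use mysqli for the whole lookup, as sketched below, assuming `$mysql_conn` is or can become a mysqli link. If the legacy extension has to stay, the matching call is `mysql_real_escape_string($_GET['id'], $mysql_conn)`. The script continues past the hunk, so later reads of `$getcomic3` need checking against the new result handle.

```php
// … unchanged: isset($_GET['id']) guard …
$filename = $_GET['id'] . ".png";
$stmt = mysqli_prepare($mysql_conn, "SELECT * FROM comics WHERE filename = ?");
mysqli_stmt_bind_param($stmt, "s", $filename);
mysqli_stmt_execute($stmt);
// mysqli_stmt_get_result() needs the mysqlnd driver
$getcomic2 = mysqli_stmt_get_result($stmt);
$getcomic3 = mysqli_fetch_array($getcomic2);
```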