Commit 20de82e0 authored by xamgore's avatar xamgore

Escaped variable in the SQL query

parent 13179673
......@@ -55,8 +55,9 @@ class Model_Teachers extends Model
* @return Database_Result select from <tt>view_disciplines_teachers</tt> table
*/
public static function ofDiscipline($id) {
$sql = "CALL `GetTeachersForDiscipline`('$id'); ";
return DB::query(Database::SELECT, $sql)->execute();
$sql = "CALL `GetTeachersForDiscipline`(:id)";
return DB::query(Database::SELECT, $sql)
->param(':id', $id)->execute();
}
public static function getNamesForDiscipline($disciplineID, $asConcat = false, $asAbbreviation = false) {
......
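Review bot: The docblock kept as context above ofDiscipline still documents the result as a select from `view_disciplines_teachers`, while the query now calls the stored procedure `GetTeachersForDiscipline`; unless that procedure is known to read from the view, the `@return` line should describe what the code actually runs, e.g. `@return Database_Result rows returned by the GetTeachersForDiscipline stored procedure`. Separately, `$id` is still accepted untyped in the signature; binding it as a parameter removes the quoting problem, but if discipline ids are integers, casting before binding, `->param(':id', (int) $id)`, rejects non-numeric input before it reaches the database and documents the expected type. The body of getNamesForDiscipline, whose signature closes the hunk, lies outside it.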