diff options
Diffstat (limited to 'db/itemmapper.php')
| -rw-r--r-- | db/itemmapper.php | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/db/itemmapper.php b/db/itemmapper.php index e2850e725..2ba0a7f2c 100644 --- a/db/itemmapper.php +++ b/db/itemmapper.php @@ -72,11 +72,11 @@ class ItemMapper extends Mapper implements IMapper { // now im gonna slowly stick them in the query, be careful! return $this->makeSelectQuery( - + // WARNING: this is a desperate attempt at making this query work // because prepared statements dont work. This is a possible - // SQL INJECTION RISK WHEN MODIFIED WITHOUT THOUGH. - // think twice when chaning this + // SQL INJECTION RISK WHEN MODIFIED WITHOUT THOUGHT. + // think twice when changing this 'AND ((`items`.`status` & ' . $status . ') = ' . $status . ') ' . $prependTo ); @@ -101,8 +101,8 @@ class ItemMapper extends Mapper implements IMapper { 'AND `feeds`.`user_id` = ? ' . // WARNING: this is a desperate attempt at making this query work // because prepared statements dont work. This is a possible - // SQL INJECTION RISK WHEN MODIFIED WITHOUT THOUGH. - // think twice when chaning this + // SQL INJECTION RISK WHEN MODIFIED WITHOUT THOUGHT. + // think twice when changing this 'WHERE ((`items`.`status` & ' . StatusFlag::STARRED . ') = ' . StatusFlag::STARRED . ')'; |