ta2edchimp / BattleReporter

Advanced editable BattleReport platform for EVE Online.

Avoid concat params to SQL query strings in classes/Battle.php #62

Closed ta2edchimp closed 9 years ago

ta2edchimp commented 9 years ago

In classes/Battle.php, line 607:

If provided by the user, the value of intval($options['count']) may allow an SQL injection attack. Avoid concatenating parameters to SQL query strings, and use parameter binding instead.

    $limit          = isset($options["count"]) && is_int($options["count"]) ? (" limit " . intval($options["count"])) : "";
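The comment above asks for parameter binding in place of concatenation. The following is an added example of what that looks like with PDO; it is not code from the BattleReporter project, and the function name `fetchBattles`, the `battles` table and its columns are assumptions made for illustration. It uses an in-memory SQLite database so it runs without MySQL, and it covers one case the concatenated form does not: a `count` that arrives from the request as a digit string rather than a PHP integer.

```php
<?php
// Added example, not BattleReporter code: building the LIMIT clause with a
// bound parameter instead of string concatenation. Function, table and
// column names are assumptions for this example.

function fetchBattles(PDO $db, array $options): array
{
    $sql = "SELECT id, name FROM battles WHERE deleted = 0 ORDER BY id DESC";
    $params = [];

    // Accept an integer count whether it arrived as int (5) or as the digit
    // string ("5") that $_GET/$_POST deliver; reject everything else.
    if (isset($options['count'])
        && filter_var($options['count'], FILTER_VALIDATE_INT) !== false) {
        $sql .= " LIMIT :count";
        $params[':count'] = (int) $options['count'];
    }

    $stmt = $db->prepare($sql);
    foreach ($params as $name => $value) {
        // Bind as PDO::PARAM_INT with a real int: with emulated prepares a
        // string value gets quoted, and LIMIT '5' is a syntax error in MySQL.
        $stmt->bindValue($name, $value, PDO::PARAM_INT);
    }
    $stmt->execute();

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage against a constructed in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$db->exec("CREATE TABLE battles (id INTEGER PRIMARY KEY, name TEXT, deleted INTEGER)");
for ($i = 1; $i <= 5; $i++) {
    $db->exec("INSERT INTO battles (name, deleted) VALUES ('battle $i', 0)");
}

// A hostile value fails integer validation and never reaches the SQL text;
// the query simply runs without a LIMIT.
var_dump(count(fetchBattles($db, ['count' => '2; DROP TABLE battles'])));
// A digit string from the request is accepted and bound as an integer.
var_dump(count(fetchBattles($db, ['count' => '2'])));
```

The validation step matters as much as the binding: `LIMIT` only takes an integer literal, so the value must be a PHP `int` at bind time, and `PDO::PARAM_INT` must be passed explicitly because `bindValue` defaults to `PDO::PARAM_STR`. Turning emulated prepares off (as above) sends the statement and the parameter to the server separately, which is the stronger setting when the driver supports it.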