don't use string concatenation for sql

2020-01-28 00:49:51 +00:00 · 2020-01-28 00:49:51 +00:00 · ac1076b3f3
commit ac1076b3f3
parent 94635c0c00
2 changed files with 2 additions and 11 deletions
--- a/core/database.php
+++ b/core/database.php
@ -109,14 +109,6 @@ class Database
        }
    }

-    public function escape(string $input): string
-    {
-        if (is_null($this->db)) {
-            $this->connect_db();
-        }
-        return $this->db->Quote($input);
-    }
-
    public function scoreql_to_sql(string $input): string
    {
        if (is_null($this->engine)) {
--- a/ext/tag_editcloud/main.php
+++ b/ext/tag_editcloud/main.php
@ -82,7 +82,6 @@ class TagEditCloud extends Extension
                if (count($relevant_tags) == 0) {
                    return null;
                }
-                $relevant_tags = implode(",", array_map([$database,"escape"], $relevant_tags));
                $tag_data = $database->get_all(
                    "
 					SELECT t2.tag AS tag, COUNT(image_id) AS count, FLOOR(LN(LN(COUNT(image_id) - :tag_min1 + 1)+1)*150)/200 AS scaled
@ -90,11 +89,11 @@ class TagEditCloud extends Extension
 					JOIN image_tags it2 USING(image_id)
 					JOIN tags t1 ON it1.tag_id = t1.id
 					JOIN tags t2 ON it2.tag_id = t2.id
-					WHERE t1.count >= :tag_min2 AND t1.tag IN($relevant_tags)
+					WHERE t1.count >= :tag_min2 AND t1.tag IN(:relevant_tags)
 					GROUP BY t2.tag
 					ORDER BY count DESC
 					LIMIT :limit",
-                    ["tag_min1" => $tags_min, "tag_min2" => $tags_min, "limit" => $max_count]
+                    ["tag_min1" => $tags_min, "tag_min2" => $tags_min, "limit" => $max_count, "relevant_tags"=>$relevant_tags]
                );
                break;
            case 'a':