From f35efe70de59dbcea563697b0e45befe74f4aae0 Mon Sep 17 00:00:00 2001
From: ruan
Date: Sat, 22 Sep 2018 14:34:07 +0200
Subject: [PATCH] Use bindParam instead of execute parameters
---
 check.php | 5 +++--
 inc/page.php | 5 +++--
 info.php | 5 +++--
 3 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/check.php b/check.php
index bdbc17b..e2f442e 100644
--- a/check.php
+++ b/check.php
@@ -18,8 +18,9 @@ class Check {
 $history = $page->settings->table['history'];
 try {
- $stmt = $page->conn->prepare("SELECT name,uuid FROM $history WHERE $column=? ORDER BY date LIMIT 1");
- if ($stmt->execute(array($name))) {
+ $stmt = $page->conn->prepare("SELECT name,uuid FROM $history WHERE $column=:val ORDER BY date LIMIT 1");
+ $stmt->bindParam(':val', $name, PDO::PARAM_STR);
+ if ($stmt->execute()) {
 if ($row = $stmt->fetch()) {
 $name = $row['name'];
 $uuid = $row['uuid'];
diff --git a/inc/page.php b/inc/page.php
index 56eda0a..40bd069 100644
--- a/inc/page.php
+++ b/inc/page.php
@@ -270,8 +270,9 @@ class Page {
 $result = null;
 $history = $this->settings->table['history'];
- $stmt = $this->conn->prepare("SELECT name FROM $history WHERE uuid=? ORDER BY date DESC LIMIT 1");
- if ($stmt->execute(array($uuid)) && $row = $stmt->fetch()) {
+ $stmt = $this->conn->prepare("SELECT name FROM $history WHERE uuid=:uuid ORDER BY date DESC LIMIT 1");
+ $stmt->bindParam(":uuid", $uuid, PDO::PARAM_STR);
+ if ($stmt->execute() && $row = $stmt->fetch()) {
 $result = $row['name'];
 }
 $stmt->closeCursor();
diff --git a/info.php b/info.php
index d8e7a49..fd766bc 100644
--- a/info.php
+++ b/info.php
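Review bot: In check.php the new `prepare()` call still interpolates `$column` and `$history` into the SQL text, and a named placeholder cannot stand in for an identifier, so the switch to `bindParam` leaves that part of the query exactly as it was. Where `$column` is assigned is outside this hunk; if request data can influence it, it should be checked against a fixed list of column names before the statement is built, and the line deserves a comment such as `// $column is interpolated, not bound: must be one of the fixed lookup columns`. The same applies to `$sel` and `$table` in the info.php hunk. The value itself was already parameterised through `execute(array($name))`, so this commit on its own does not change the injection surface. The enclosing method starts and ends outside the hunk.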
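Review bot: `bindParam` in inc/page.php binds `$uuid` by reference and reads it only when `execute()` runs, which is more than this one-shot lookup needs; `bindValue` copies the value at the call and states the intent: `$stmt->bindValue(':uuid', $uuid, PDO::PARAM_STR);`. The same substitution fits the `:val` binding in check.php and the `:id` binding in info.php. The hunks also mix `':val'` and `":uuid"` quoting for placeholder names; single quotes throughout would be consistent. The enclosing method's signature is outside the hunk.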
@@ -129,11 +129,12 @@ $id = (int)$id;
 $type = $page->type;
 $table = $page->table;
 $sel = $page->get_selection($table);
-$query = "SELECT $sel FROM $table WHERE id=? LIMIT 1";
+$query = "SELECT $sel FROM $table WHERE id=:id LIMIT 1";
 $st = $page->conn->prepare($query);
+$st->bindParam(":id", $id, PDO::PARAM_INT);
-if ($st->execute(array($id))) {
+if ($st->execute()) {
 ($row = $st->fetch()) or die(str_replace("{type}", $type, $page->t("info.error.id.no-result")));
 $st->closeCursor();