system/Variable_model: replaced concatenation of names array with ? (parameter replacement by CI) to prevent SQL injections

This commit is contained in:
alex
2020-02-06 14:52:26 +01:00
parent 17ef2f173b
commit 7f8415e6dc
2 changed files with 12 additions and 11 deletions
+1 -1
View File
@@ -57,7 +57,7 @@ class VariableLib
if (!isEmptyString($uid) && !isEmptyString($name) && is_numeric($change))
{
$change = (int) $change;
$change = (int)$change;
$varres = $this->_ci->VariableModel->getVariables($uid, array($name));
if (isSuccess($varres))