Skip to content

Commit d0fae62

Browse files
committed
fix: added missing escapting of value
1 parent 4fed1d9 commit d0fae62

File tree

1 file changed

+4
-4
lines changed

1 file changed

+4
-4
lines changed

Diff for: phpmyfaq/src/phpMyFAQ/Faq.php

+4-4
Original file line numberDiff line numberDiff line change
@@ -925,13 +925,13 @@ public function create(FaqEntity $faq): int
925925
$this->config->getDb()->escape($faq->getQuestion()),
926926
$this->config->getDb()->escape($faq->getAnswer()),
927927
$this->config->getDb()->escape($faq->getAuthor()),
928-
$faq->getEmail(),
928+
$this->config->getDb()->escape($faq->getEmail()),
929929
$faq->isComment() ? 'y' : 'n',
930930
$faq->getUpdatedDate()->format('YmdHis'),
931931
'00000000000000',
932932
'99991231235959',
933933
date('Y-m-d H:i:s'),
934-
$faq->getNotes()
934+
$this->config->getDb()->escape($faq->getNotes())
935935
);
936936

937937
$this->config->getDb()->query($query);
@@ -994,12 +994,12 @@ public function update(FaqEntity $faq): bool
994994
$this->config->getDb()->escape($faq->getQuestion()),
995995
$this->config->getDb()->escape($faq->getAnswer()),
996996
$this->config->getDb()->escape($faq->getAuthor()),
997-
$faq->getEmail(),
997+
$this->config->getDb()->escape($faq->getEmail()),
998998
$faq->isComment() ? 'y' : 'n',
999999
$faq->getUpdatedDate()->format('YmdHis'),
10001000
$faq->getValidFrom()->format('YmdHis'),
10011001
$faq->getValidTo()->format('YmdHis'),
1002-
$faq->getNotes(),
1002+
$this->config->getDb()->escape($faq->getNotes()),
10031003
$faq->getId(),
10041004
$faq->getLanguage()
10051005
);

0 commit comments

Comments
 (0)