Fix date query and protect against sql injection
visegripped committed Apr 9, 2022
1 parent b662ea0 commit 63e1b04
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion doc_root/public_html/stracker/api.php
@@ -10,7 +10,7 @@

function getHistory($symbol, $startDate, $endDate, $pdo) {
$history = array();
$query = "select date, EOD, MA20, MA50, delta, deltaMA5, deltaMA10, deltaMA20, P0, P1, P2, M1, M2, M3 from $symbol where date >= $startDate and date <= $endDate order by date DESC";
$query = "select date, EOD, MA20, MA50, delta, deltaMA5, deltaMA10, deltaMA20, P0, P1, P2, M1, M2, M3 from $pdo->quote($symbol) where date between $pdo->quote($startDate) and $pdo->quote($endDate) order by date DESC";
$stmt = $pdo->query($query);
return $stmt->fetchAll(\PDO::FETCH_ASSOC);
}
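Review bot: The new `$query` line never calls `PDO::quote()`. Inside a double-quoted string, PHP's simple interpolation reads `$pdo->quote` as a property access and keeps the parentheses as literal text, so `$symbol`, `$startDate` and `$endDate` still reach the SQL unescaped, merely wrapped in `(` `)`, and the injection named in the commit title remains. Even written as `{$pdo->quote($symbol)}`, the table name would become a string literal, which most SQL dialects reject in a FROM clause; an identifier cannot be quoted or bound as a value, so `$symbol` should be checked against a strict pattern or a list of known tables before it is used. The two dates are better bound through `prepare()`/`execute()` than concatenated, as sketched below. The unused `$history = array();` assignment can be dropped at the same time.

```php
function getHistory($symbol, $startDate, $endDate, $pdo) {
    // A table name cannot be a bound parameter: accept only a strict identifier
    // (or, better, look it up in a list of known symbol tables).
    if (!is_string($symbol) || preg_match('/^[A-Za-z0-9_]+$/', $symbol) !== 1) {
        throw new \InvalidArgumentException('Invalid symbol');
    }
    $query = "select date, EOD, MA20, MA50, delta, deltaMA5, deltaMA10, deltaMA20, P0, P1, P2, M1, M2, M3 from $symbol where date between :startDate and :endDate order by date DESC";
    $stmt = $pdo->prepare($query);
    $stmt->execute([':startDate' => $startDate, ':endDate' => $endDate]);
    // … unchanged: return $stmt->fetchAll(\PDO::FETCH_ASSOC) …
```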
