Make it more injection safe

phl0
2026-02-20 12:25:16 +01:00
parent fe95d2d7ed
commit 3dd4adb55b


@@ -211,9 +211,10 @@ class API_Model extends CI_Model {
}
$bindings = [];
$ids = array_map('intval', $logbooks_locations_array);
$sql = 'SELECT DISTINCT UPPER(SUBSTR(COL_GRIDSQUARE, 1, 4)) AS gridsquare FROM ' . $this->config->item('table_name') . ' thcv ';
$sql .= ' WHERE COL_GRIDSQUARE <> "" AND CHAR_LENGTH(COL_GRIDSQUARE) >= 4';
$sql .= ' AND station_id IN ('.implode(',', $logbooks_locations_array).')';
$sql .= ' AND station_id IN (' . implode(',', $ids) . ')';
$sql .= $subsql;
$sql .= ' ORDER BY gridsquare ASC;';
$query = $this->db->query($sql,$bindings);
@@ -223,7 +224,7 @@ class API_Model extends CI_Model {
// Get and add VUCC grids
$sql = 'SELECT DISTINCT UPPER(COL_VUCC_GRIDS) AS vuccgrids FROM ' . $this->config->item('table_name') . ' thcv ';
$sql .= ' WHERE COL_VUCC_GRIDS <> ""';
$sql .= ' AND station_id IN ('.implode(',', $logbooks_locations_array).')';
$sql .= ' AND station_id IN (' . implode(',', $ids) . ')';
$sql .= $subsql;
$sql .= ' ORDER BY vuccgrids ASC;';
$query = $this->db->query($sql,$bindings);
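Review bot: `$subsql` is still concatenated into both statements (before `ORDER BY gridsquare` and before `ORDER BY vuccgrids`) while `$bindings` is reset to `[]` just above and nothing visible adds to it, so whatever `$subsql` contains reaches the database inlined; it is built outside these hunks, so please confirm it carries no request-derived values or move them to `?` placeholders. The `intval` cast does neutralise the station list, but it silently turns any non-numeric entry into `0`, and an empty array produces `IN ()`, which is a syntax error unless the `}` above closes an emptiness guard. Since `$bindings` is already passed to `query()`, binding the ids is cheap: `$sql .= ' AND station_id IN (' . implode(',', array_fill(0, count($ids), '?')) . ')';` with `$bindings = $ids;`. The enclosing method starts and ends outside the hunks.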