Security: Adding intval in query

14 years ago · ab36f087a7
parent 736541c5b9
commit ab36f087a7
2 changed files with 2 additions and 0 deletions
--- a/main/inc/lib/database.lib.php
+++ b/main/inc/lib/database.lib.php
@ -274,6 +274,7 @@ class Database {
     * @todo move this function in a gradebook-related library
     */
    public static function get_course_by_category($category_id) {
+        $category_id = intval($category_id);
        $info = self::fetch_array(self::query('SELECT course_code FROM '.self::get_main_table(TABLE_MAIN_GRADEBOOK_CATEGORY).' WHERE id='.$category_id), 'ASSOC');
        return $info ? $info['course_code'] : false;
    }
--- a/main/inc/lib/database.mysqli.lib.php
+++ b/main/inc/lib/database.mysqli.lib.php
@ -262,6 +262,7 @@ class Database {
     * @todo move this function in a gradebook-related library
     */
    public static function get_course_by_category($category_id) {
+        $category_id = intval($category_id);
        $info = self::fetch_array(self::query('SELECT course_code FROM '.self::get_main_table(TABLE_MAIN_GRADEBOOK_CATEGORY).' WHERE id='.$category_id), 'ASSOC');
        return $info ? $info['course_code'] : false;
    }