do not generate invalid SQL when called with a not-so valid array

author: Christian Weiske <cweiske@cweiske.de> 2011-03-25 08:00:32 +0100
committer: Christian Weiske <cweiske@cweiske.de> 2011-03-25 08:00:32 +0100
commit: d6e99db40dc88de1782099b30941075ebc8dfa97 (patch)
tree: da9234cc3edf8bcb812cc451902afbf7794f5576 /src/SemanticScuttle
parent: e667feb0ca9ff30a063149a2ce20b3398585dd4f (diff)
download: semanticscuttle-d6e99db40dc88de1782099b30941075ebc8dfa97.tar.gz
semanticscuttle-d6e99db40dc88de1782099b30941075ebc8dfa97.tar.bz2
1 files changed, 4 insertions, 2 deletions
diff --git a/src/SemanticScuttle/Service/Bookmark2Tag.php b/src/SemanticScuttle/Service/Bookmark2Tag.php
index 1dc0ffe..a10cb61 100644
--- a/src/SemanticScuttle/Service/Bookmark2Tag.php
+++ b/src/SemanticScuttle/Service/Bookmark2Tag.php
@@ -571,8 +571,10 @@ class SemanticScuttle_Service_Bookmark2Tag extends SemanticScuttle_DbService
         } else if (is_array($user)) {
             $query .= ' (1 = 0';  //tricks
             foreach ($user as $u) {
-                $query .= ' OR B.uId = ' . $this->db->sql_escape($u)
-                    . ' AND B.bId = T.bId';
+                if (is_numeric($u)) {
+                    $query .= ' OR B.uId = ' . $this->db->sql_escape($u)
+                        . ' AND B.bId = T.bId';
+                }
             }
             $query .= ' )' . $privacy;
         } else {
author	Christian Weiske <cweiske@cweiske.de>	2011-03-25 08:00:32 +0100
committer	Christian Weiske <cweiske@cweiske.de>	2011-03-25 08:00:32 +0100
commit	d6e99db40dc88de1782099b30941075ebc8dfa97 (patch)
tree	da9234cc3edf8bcb812cc451902afbf7794f5576 /src/SemanticScuttle
parent	e667feb0ca9ff30a063149a2ce20b3398585dd4f (diff)
download	semanticscuttle-d6e99db40dc88de1782099b30941075ebc8dfa97.tar.gz semanticscuttle-d6e99db40dc88de1782099b30941075ebc8dfa97.tar.bz2