author | Christian Weiske <cweiske@cweiske.de> | 2011-03-25 08:00:32 +0100 |
---|---|---|
committer | Christian Weiske <cweiske@cweiske.de> | 2011-03-25 08:00:32 +0100 |
commit | d6e99db40dc88de1782099b30941075ebc8dfa97 (patch) | |
tree | da9234cc3edf8bcb812cc451902afbf7794f5576 /src | |
parent | e667feb0ca9ff30a063149a2ce20b3398585dd4f (diff) | |
do not generate invalid SQL when called with a not-so valid array
Diffstat (limited to 'src')
-rw-r--r-- | src/SemanticScuttle/Service/Bookmark2Tag.php | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/SemanticScuttle/Service/Bookmark2Tag.php b/src/SemanticScuttle/Service/Bookmark2Tag.php
index 1dc0ffe..a10cb61 100644
--- a/src/SemanticScuttle/Service/Bookmark2Tag.php
+++ b/src/SemanticScuttle/Service/Bookmark2Tag.php
@@ -571,8 +571,10 @@ class SemanticScuttle_Service_Bookmark2Tag extends SemanticScuttle_DbService
 } else if (is_array($user)) {
 $query .= ' (1 = 0'; //tricks
 foreach ($user as $u) {
- $query .= ' OR B.uId = ' . $this->db->sql_escape($u)
- . ' AND B.bId = T.bId';
+ if (is_numeric($u)) {
+ $query .= ' OR B.uId = ' . $this->db->sql_escape($u)
+ . ' AND B.bId = T.bId';
+ }
 }
 $query .= ' )' . $privacy;
 } else { |
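Review bot: In the added `if (is_numeric($u))` branch the value is still concatenated into the query unquoted, so `sql_escape()` (presumably a string-literal escaper; its implementation is not visible here) adds no protection in this numeric context and `is_numeric()` is the only guard. `is_numeric()` also accepts floats, exponent notation, signed values and strings with leading whitespace (plus hex strings on older PHP versions), none of which are meaningful user ids. An integer check and cast would make the guard explicit: `if (ctype_digit((string) $u)) {` with `$query .= ' OR B.uId = ' . (int) $u`. Non-numeric entries are now dropped silently, so a comment such as `// invalid ids are skipped; an array with no valid id leaves "(1 = 0)" and matches nothing` would document the intent; the enclosing method starts and ends outside the hunk.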