Fixed a SQL injection

16 years ago · a71504fc3a
parent f6ef0f445c
commit a71504fc3a
1 changed files with 1 additions and 1 deletions
--- a/www/account.php
+++ b/www/account.php
@ -53,7 +53,7 @@
                showfooter();
                exit;
 	} else if($id == 51 && $_GET['img'] == "show") {
-		$query = "select * from `tverify` where `id`='".$_GET['photoid']."' and `modified`=0";
+		$query = "select * from `tverify` where `id`='".intval($_GET['photoid'])."' and `modified`=0";
 		$res = mysql_query($query);
 		if(mysql_num_rows($res))
 		{