From b0812c43fa05bec8c59e5ff3c7889f0f98089775 Mon Sep 17 00:00:00 2001
From: Andreas Fischer
Date: Sun, 11 Nov 2012 17:40:58 +0100
Subject: [PATCH] [ticket/11162] Use integer casting instead of SQL escape.

PHPBB3-11162
---
 tests/functions/update_rows_avoiding_duplicates_test.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/functions/update_rows_avoiding_duplicates_test.php b/tests/functions/update_rows_avoiding_duplicates_test.php
index 0e949717d2..e4e156209d 100644
--- a/tests/functions/update_rows_avoiding_duplicates_test.php
+++ b/tests/functions/update_rows_avoiding_duplicates_test.php
@@ -61,7 +61,7 @@ class phpbb_update_rows_avoiding_duplicates_test extends phpbb_database_test_cas
 $sql = 'SELECT count(*) AS count FROM ' . TOPICS_WATCH_TABLE . '
- WHERE topic_id = ' . $db->sql_escape($to);
+ WHERE topic_id = ' . (int) $to;
 $result = $db->sql_query($sql);
 $result_count = $db->sql_fetchfield('count');
 $db->sql_freeresult($result);
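Review bot: The new `WHERE topic_id = ' . (int) $to;` line has no comment recording why a cast is used rather than `$db->sql_escape()`, so a later cleanup could switch it back to the escape call. I would add above the `$sql` assignment: `// topic_id is compared unquoted, so escaping would not constrain the value; cast to int instead.` The cast also turns any non-numeric `$to` into 0 without complaint; where `$to` comes from is outside this hunk, so whether that could hide a bad fixture value needs checking against the test's inputs. The enclosing method starts before and ends after the hunk.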