mike/wishlist
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Password should be PDO::PARAM_STR, not PDO::PARAM_INT

Browse source
This commit is contained in:
Michael Erdely 2024-10-11 17:54:57 -04:00
parent 381628e571
commit 5c64d87304
No known key found for this signature in database
GPG key ID: E0266F2210925BC7
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/admin.php
View file

@ -41,7 +41,7 @@ if ($action == "approve") {
$stmt->execute();
}
$stmt = $smarty->dbh()->prepare("UPDATE {$opt["table_prefix"]}users SET approved = 1, password = {$opt["password_hasher"]}(?) WHERE userid = ?");
$stmt->bindParam(1, $pwd, PDO::PARAM_INT);
$stmt->bindParam(1, $pwd, PDO::PARAM_STR);
$stmt->bindValue(2, (int) $_GET["userid"], PDO::PARAM_INT);
$stmt->execute();