From 088ee7cf6f4e3fa1b7247aaf019758504e24e4ad Mon Sep 17 00:00:00 2001
From: Ryan Walberg <generalpf@gmail.com>
Date: Fri, 3 May 2024 09:08:14 -0400
Subject: [PATCH] fix bound param error

---
 src/shop.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/shop.php b/src/shop.php
index 7aa7599..a505b52 100644
--- a/src/shop.php
+++ b/src/shop.php
@@ -73,7 +73,7 @@ if (!empty($_GET["action"])) {
 			$stmt->bindParam(4, $source, PDO::PARAM_STR);
 			$stmt->bindParam(5, $url, PDO::PARAM_STR);
 			$stmt->bindParam(6, $comment, PDO::PARAM_STR);
-			$stmt->bindParam(7,	$cat, PDO::PARAM_INT);
+			$stmt->bindParam(7, $cat, PDO::PARAM_INT);
 			$stmt->execute();
 		
 			stampUser($userid, $smarty->dbh(), $smarty->opt());
@@ -143,7 +143,7 @@ $stmt = $smarty->dbh()->prepare("SELECT i.itemid, description, price, source, c.
 	"LEFT OUTER JOIN {$opt["table_prefix"]}allocs a ON a.itemid = i.itemid AND i.quantity = 1 " .	// only join allocs for single-quantity items.
 	"LEFT OUTER JOIN {$opt["table_prefix"]}users ub ON ub.userid = a.userid AND a.bought = 1 " .
 	"LEFT OUTER JOIN {$opt["table_prefix"]}users ur ON ur.userid = a.userid AND a.bought = 0 " .
-	"WHERE i.userid = $shopfor " .
+	"WHERE i.userid = ? " .
 	"ORDER BY " . $sortby);
 $stmt->bindParam(1, $shopfor, PDO::PARAM_INT);
 $stmt->execute();