From ab4815fd88a3639d5eb83a1f3db367db6e82ec97 Mon Sep 17 00:00:00 2001
From: Mike Javorski <mike.javorski@gmail.com>
Date: Wed, 29 Nov 2023 11:29:00 -0800
Subject: [PATCH] Bugfix: Correct syntax for prepared statement in "copy"
 action

---
 src/shop.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/shop.php b/src/shop.php
index 63784cd..7aa7599 100644
--- a/src/shop.php
+++ b/src/shop.php
@@ -66,7 +66,7 @@ if (!empty($_GET["action"])) {
 			$price = (float) $row["price"];
 			$cat = (int) $row["category"];
 		
-			$stmt = $smarty->dbh()->prepare("INSERT INTO {$opt["table_prefix"]}items(userid,description,price,source,url,comment,category,ranking,quantity) VALUES(?, ?, ?, ?, ?, ?, ?, 1, 1");
+			$stmt = $smarty->dbh()->prepare("INSERT INTO {$opt["table_prefix"]}items(userid,description,price,source,url,comment,category,ranking,quantity) VALUES(?, ?, ?, ?, ?, ?, ?, 1, 1)");
 			$stmt->bindParam(1, $userid, PDO::PARAM_INT);
 			$stmt->bindParam(2, $desc, PDO::PARAM_STR);
 			$stmt->bindParam(3, $price);