From 19d222b4dfe7d388071a2a6c49af4de3e7d2ff3f Mon Sep 17 00:00:00 2001
From: steinm
Date: Thu, 1 Dec 2011 21:37:10 +0000
Subject: [PATCH] - quote string propperly before using in sql statement
---
 inc/inc.ClassSession.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/inc/inc.ClassSession.php b/inc/inc.ClassSession.php
index 81c8e5234..3dd403a2c 100644
--- a/inc/inc.ClassSession.php
+++ b/inc/inc.ClassSession.php
@@ -66,13 +66,13 @@ class LetoDMS_Session {
 * @return boolean true if successful otherwise false
 */
 function load($id) { /* {{{ */
- $queryStr = "SELECT * FROM tblSessions WHERE id = ".$this->db->qstr($id)."";
+ $queryStr = "SELECT * FROM tblSessions WHERE id = ".$this->db->qstr($id);
 $resArr = $this->db->getResultArray($queryStr);
 if (is_bool($resArr) && $resArr == false) return false;
 if (count($resArr) == 0) return false;
- $queryStr = "UPDATE tblSessions SET lastAccess = " . mktime() . " WHERE id = '" . $id . "'";
+ $queryStr = "UPDATE tblSessions SET lastAccess = " . mktime() . " WHERE id = " . $this->db->qstr($id);
 if (!$this->db->getResult($queryStr)) return false;
 return $resArr[0];
@@ -119,7 +119,7 @@ class LetoDMS_Session {
 * @return boolean true if successful otherwise false
 */
 function delete($id) { /* {{{ */
- $queryStr = "DELETE FROM tblSessions WHERE id = '$id'";
+ $queryStr = "DELETE FROM tblSessions WHERE id = " . $this->db->qstr($id);
 if (!$this->db->getResult($queryStr)) {
 return false;
 }
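Review bot: The rewritten UPDATE line in `load()` still calls `mktime()` with no arguments, a usage later PHP releases discourage and PHP 8 rejects (the hour argument became mandatory); since the commit already touches this line, `" . time() . "` is the intended spelling of "current timestamp". Passing `$id` through `$this->db->qstr()` in all three statements (both lines here and the DELETE in `delete()` in the second hunk) correctly replaces the `'$id'` interpolation, but it remains escaping rather than parameter binding, so it stays only as safe as the connection charset the escaper assumes; if the db wrapper exposes bound parameters, that form would remove the dependency. The docblock above `load()` says `@return boolean` while the function returns `$resArr[0]` on success, so `@return array|boolean the session row on success, false otherwise` would describe the actual contract. The body of `load()` continues outside the hunk.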