switch to integer book ids

author: Andrew Dolgov <[email protected]> 2017-02-25 08:51:08 +0300
committer: Andrew Dolgov <[email protected]> 2017-02-25 08:51:08 +0300
commit: b4fb29e00346ec78065e875ab318885810524a22 (patch)
tree: 40950c1cce12b39e81488d5e09a63c82bc6a4e8b /backend.php
parent: abe6ca80782474e266961e49077ee566c22a0a91 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/backend.php b/backend.php
index b6e840c..c353e5c 100644
--- a/backend.php
+++ b/backend.php
@@ -68,7 +68,7 @@
 		break;
 
 	case "getpagination":
-		$bookid = db_escape_string($_REQUEST["id"]);
+		$bookid = (int) $_REQUEST["id"];
 
 		if ($bookid) {
 			$result = db_query($link, "SELECT pagination FROM epube_pagination WHERE bookid = '$bookid' LIMIT 1");
@@ -83,7 +83,7 @@
 		break;
 	case "storepagination":
 		$payload = db_escape_string($_REQUEST["payload"]);
-		$bookid = db_escape_string($_REQUEST["id"]);
+		$bookid = (int) $_REQUEST["id"];
 
 		if ($bookid && $payload) {
 
@@ -107,7 +107,7 @@
 
 		break;
 	case "getlastread":
-		$bookid = db_escape_string($_REQUEST["id"]);
+		$bookid = (int) $_REQUEST["id"];
 		$lastread = -1;
 
 		if ($bookid) {
@@ -126,7 +126,7 @@
 
 	case "storelastread":
 		$page = (int) $_REQUEST["page"];
-		$bookid = db_escape_string($_REQUEST["id"]);
+		$bookid = (int) $_REQUEST["id"];
 
 		if ($page && $bookid) {
author	Andrew Dolgov <[email protected]>	2017-02-25 08:51:08 +0300
committer	Andrew Dolgov <[email protected]>	2017-02-25 08:51:08 +0300
commit	b4fb29e00346ec78065e875ab318885810524a22 (patch)
tree	40950c1cce12b39e81488d5e09a63c82bc6a4e8b /backend.php
parent	abe6ca80782474e266961e49077ee566c22a0a91 (diff)