From a20749d900015762c2afac0b729ac14cc98d0b4d Mon Sep 17 00:00:00 2001
From: Chris
Date: Sun, 26 Nov 2023 14:10:26 +0100
Subject: [PATCH] safer

---
 web/pages/smart/controller.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/web/pages/smart/controller.php b/web/pages/smart/controller.php
index 5534452..1ff66b6 100644
--- a/web/pages/smart/controller.php
+++ b/web/pages/smart/controller.php
@@ -20,8 +20,11 @@ class Smart extends Page {
 $q = $_REQUEST['q'];
 if(!$q || strlen($q) < 3 || strpos($q, ' ') === false) return partial('error.html', ['errorTitle' => 'Error', 'errorMessage' => 'Error: Bitte Nachname und Vorname eingeben.']);
- $query = "SELECT DISTINCT(hund) FROM results WHERE teilnehmer LIKE '$q'";
- $res = $db->query($query);
+
+ $stmt = $db->prepare("SELECT DISTINCT(hund) FROM results WHERE teilnehmer LIKE :q");
+ $stmt->bindValue(':q', $q, SQLITE3_TEXT);
+
+ $res = $stmt->execute();
 $results = [];
 $dogs = [];