From 04c9776a65c1477a645894fb38afaee1e05bf4d6 Mon Sep 17 00:00:00 2001
From: Tim Krehan
Date: Wed, 22 May 2019 09:12:09 +0200
Subject: [PATCH] done with preparing list sql statements
---
 php/classes.list.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/php/classes.list.php b/php/classes.list.php
index f2bd435..d89bee6 100644
--- a/php/classes.list.php
+++ b/php/classes.list.php
@@ -60,7 +60,9 @@ function check($id, $status){
  include $_SESSION["docroot"].'/config/config.php';
  include $_SESSION["docroot"].'/php/connect.php';
- $mysqli->query("UPDATE `Einkauf` SET `Erledigt` = $status WHERE `Einkauf`.`ID` = $id");
+ $updateQuery = $mysqli->prepare("UPDATE `Einkauf` SET `Erledigt` = $status WHERE `Einkauf`.`ID` = ?");
+ $updateQuery->bind_param("s", $id);
+ $updateQuery->execute();
  $mysqli->close();
  }
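Review bot: `$status` is still interpolated into the SQL text passed to `prepare()` in check(), so only `$id` is parameterised and the statement stays injectable through `$status` if that value can come from a request. Replace `$status` in the SET clause with a second `?` and bind both values, e.g. `$updateQuery->bind_param("is", $status, $id);` (this assumes Erledigt is an integer flag; confirm the column types). `prepare()` returns false on failure, so its result should be checked before `bind_param()` is called, for example `if ($updateQuery === false) { return; }` or an exception. The signature of check() lies above the hunk, so where `$status` and `$id` originate is not visible here.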