From 4d6767cc37b631f2de6a041e44ed6e4db0d136bb Mon Sep 17 00:00:00 2001
From: David Goodwin
Date: Sat, 23 Dec 2023 21:47:57 +0000
Subject: [PATCH] avoid sql injection
---
 model/TotpPf.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/model/TotpPf.php b/model/TotpPf.php
index 505485f8..a55f4a3d 100644
--- a/model/TotpPf.php
+++ b/model/TotpPf.php
@@ -433,7 +433,7 @@ class TotpPf
 */
 public function getException(int $id): array
 {
- return db_query_one("SELECT * FROM totp_exception_address WHERE id=$id");
+ return db_query_one("SELECT * FROM totp_exception_address WHERE id=:id", ['id' => $id]);
 }
 }
 /* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */
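Review bot: The rewritten `return db_query_one(...)` line in getException() still hands the helper's result straight to a declared `array` return type, so the no-matching-row case is left undefined. db_query_one is not visible in this hunk; if it can yield null or false for an unknown id, the method raises a TypeError instead of signalling "not found". If an empty array is the intended not-found value, something like `$row = db_query_one("SELECT * FROM totp_exception_address WHERE id=:id", ['id' => $id]);` followed by `return is_array($row) ? $row : [];` would make that explicit. Because `$id` is already declared `int`, the old interpolation could only carry an integer, so the binding is defence in depth; other TotpPf methods outside this hunk may still build SQL by interpolation and deserve the same pass. The lookup is by id alone, and whether callers check that the row belongs to the requesting user cannot be seen from here, since the class body starts outside the hunk.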