From 147c317a46115f236dc611a822bbd2e61a62d16e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julius=20H=C3=A4rtl?= <jus@bitgrid.net>
Date: Tue, 19 Jun 2018 20:08:02 +0200
Subject: [PATCH] Create proper parameters with QueryBuilder
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Julius Härtl <jus@bitgrid.net>
---
 lib/Db/AttachmentMapper.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/lib/Db/AttachmentMapper.php b/lib/Db/AttachmentMapper.php
index 1bdf82b33..4ead87510 100644
--- a/lib/Db/AttachmentMapper.php
+++ b/lib/Db/AttachmentMapper.php
@@ -56,7 +56,7 @@ class AttachmentMapper extends DeckMapper implements IPermissionMapper {
 		$qb = $this->db->getQueryBuilder();
 		$qb->select('*')
 			->from('deck_attachment')
-			->where($qb->expr()->eq('id', (string)$id));
+			->where($qb->expr()->eq('id', $qb->createNamedParameter($id, IQueryBuilder::PARAM_INT)));
 
 		$cursor = $qb->execute();
 		$row = $cursor->fetch(PDO::FETCH_ASSOC);
@@ -74,8 +74,8 @@ class AttachmentMapper extends DeckMapper implements IPermissionMapper {
 		$qb = $this->db->getQueryBuilder();
 		$qb->select('*')
 			->from('deck_attachment')
-			->where($qb->expr()->eq('card_id', (string)$cardId, IQueryBuilder::PARAM_INT))
-			->andWhere($qb->expr()->eq('deleted_at', (string)0, IQueryBuilder::PARAM_INT));
+			->where($qb->expr()->eq('card_id', $qb->createNamedParameter($cardId, IQueryBuilder::PARAM_INT)))
+			->andWhere($qb->expr()->eq('deleted_at', $qb->createNamedParameter(0, IQueryBuilder::PARAM_INT)));
 
 
 		$entities = [];
@@ -93,14 +93,14 @@ class AttachmentMapper extends DeckMapper implements IPermissionMapper {
 		$qb = $this->db->getQueryBuilder();
 		$qb->select('*')
 			->from('deck_attachment')
-			->where($qb->expr()->gt('deleted_at', '0', IQueryBuilder::PARAM_INT));
+			->where($qb->expr()->gt('deleted_at', $qb->createNamedParameter(0, IQueryBuilder::PARAM_INT)));
 		if ($withOffset) {
 			$qb
-				->andWhere($qb->expr()->lt('deleted_at', (string)$timeLimit, IQueryBuilder::PARAM_INT));
+				->andWhere($qb->expr()->lt('deleted_at', $qb->createNamedParameter($timeLimit, IQueryBuilder::PARAM_INT)));
 		}
 		if ($cardId !== null) {
 			$qb
-				->andWhere($qb->expr()->eq('card_id', (string)$cardId, IQueryBuilder::PARAM_INT));
+				->andWhere($qb->expr()->eq('card_id', $qb->createNamedParameter($cardId, IQueryBuilder::PARAM_INT)));
 		}
 
 		$entities = [];