From 9beb0e6d479b1937d310aa41aa84b87f26f9c0a2 Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Willms <tleilax+studip@gmail.com>
Date: Wed, 8 Mar 2023 11:28:11 +0000
Subject: [PATCH] fix sql query, fixes #2285

Closes #2285

Merge request studip/studip!1511
---
 .../classes/db/EvaluationQuestionDB.class.php | 28 +++++++------------
 1 file changed, 10 insertions(+), 18 deletions(-)

diff --git a/lib/evaluation/classes/db/EvaluationQuestionDB.class.php b/lib/evaluation/classes/db/EvaluationQuestionDB.class.php
index 9c7ce4667d2..b6cea2499be 100644
--- a/lib/evaluation/classes/db/EvaluationQuestionDB.class.php
+++ b/lib/evaluation/classes/db/EvaluationQuestionDB.class.php
@@ -280,26 +280,18 @@ class EvaluationQuestionDB extends EvaluationObjectDB
     {
         $db = DBManager::get();
 
-        if (EvaluationObjectDB::getGlobalPerm() == "root") {
-            $sql =
-                "SELECT" .
-                " evalquestion_id " .
-                "FROM" .
-                " evalquestion " .
-                "WHERE" .
-                " parent_id = '0' ORDER BY text";
+        if (EvaluationObjectDB::getGlobalPerm() === 'root') {
+            $sql = "SELECT evalquestion_id
+                    FROM evalquestion
+                    WHERE parent_id = '0'
+                    ORDER BY text";
             return $db->fetchFirst($sql);
         } else {
-            $sql =
-                "SELECT" .
-                " evalquestion_id " .
-                "FROM" .
-                " evalquestion " .
-                "WHERE" .
-                " parent_id = '" . $userID . "' " .
-                "OR " .
-                " parent_id = '0' ORDER BY text";
-            $sql .= " ";
+            $sql = "SELECT evalquestion_id
+                    FROM evalquestion
+                    WHERE parent_id = ?
+                       OR parent_id = '0'
+                    ORDER BY text";
             return $db->fetchFirst($sql, [$userID]);
         }
     }
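Review bot: The literal `'0'` in both queries is an undocumented sentinel, and the root branch (`WHERE parent_id = '0'`) returns a narrower set than the non-root branch, which reads as inverted unless root-owned template questions are stored under `'0'`. A one-line comment above the `if` would make that intent reviewable, for example `// parent_id '0' = global template questions; root manages only those` (wording to be confirmed by the author, since the schema is not visible here). The `else` after `return $db->fetchFirst($sql);` is redundant and could be dropped so the two queries sit side by side. The method's signature and docblock start outside the hunk, so it cannot be seen here whether `$userID` comes from the authenticated session or from the caller's input; binding it with `?` prevents injection but does not by itself stop a caller from listing another user's templates.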
-- 
GitLab