From fefcbb676a5b1774bb7f1ccfa5c90f1d7a8b9df4 Mon Sep 17 00:00:00 2001
From: Elmar Ludwig <elmar.ludwig@uni-osnabrueck.de>
Date: Fri, 25 Aug 2023 13:10:13 +0000
Subject: [PATCH] fix prepared statement, fixes #3100

Closes #3100

Merge request studip/studip!2087
---
 lib/classes/Seminar.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/classes/Seminar.class.php b/lib/classes/Seminar.class.php
index 33fc50b5bc4..72fe6ad655e 100644
--- a/lib/classes/Seminar.class.php
+++ b/lib/classes/Seminar.class.php
@@ -1659,7 +1659,7 @@ class Seminar
         $query = "SELECT CONCAT(seminare.VeranstaltungsNummer, ' ', seminare.name, '(', semester_data.name, ')')
                   FROM seminare
                   LEFT JOIN semester_data ON (seminare.start_time = semester_data.beginn)
-                  WHERE seminare.Seminar_id='$s_id'";
+                  WHERE seminare.Seminar_id = ?";
         $statement = DBManager::get()->prepare($query);
         $statement->execute([$s_id]);
         $semlogname = $statement->fetchColumn() ?: sprintf('unknown sem_id: %s', $s_id);
-- 
GitLab