From eb94626b2e17e51f259ec19c7a7728088479d7f7 Mon Sep 17 00:00:00 2001
From: r4sas <r4sas@i2pmail.org>
Date: Sun, 28 Aug 2022 19:43:52 +0000
Subject: [PATCH] fix LIKE statements in SQL query

---
 views/add.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/views/add.php b/views/add.php
index a3a9f2b..e6917d1 100644
--- a/views/add.php
+++ b/views/add.php
@@ -201,7 +201,7 @@ if (isset($_POST["record"]) && !empty($_POST["record"])) {
 
                             /* print all records, which will be deleted*/
                             $STH = $pdo->prepare('SELECT `host`, `base32`, `base64` FROM `hosts` WHERE `host` = ? OR `host` LIKE ?');
-                            $STH->execute(['%'.$domain, '%'.$domain]);
+                            $STH->execute([$domain, '%'.$domain]);
                             $hosts = $STH->fetchAll(PDO::FETCH_ASSOC);
                             foreach ($hosts as $host) {
                                 $log .= "Host: " . $host['host'] . PHP_EOL . "Base32: " . $host['base32'] . PHP_EOL . "Base64: " . $host['base64'] . PHP_EOL;
@@ -210,7 +210,7 @@ if (isset($_POST["record"]) && !empty($_POST["record"])) {
                             file_put_contents(__DIR__ . '/../logs/reg.log', $log, FILE_APPEND);
 
                             /* remove domain and subdomains if any found */
-                            $pdo->prepare('DELETE FROM `hosts` WHERE `host` = ? OR `host` LIKE %?')->execute(['%'.$domain, '%'.$domain]);
+                            $pdo->prepare('DELETE FROM `hosts` WHERE `host` = ? OR `host` LIKE ?')->execute([$domain, '%'.$domain]);
                             $result["reregister"] = true;
                         }