@@ -9,7 +9,7 @@ require_once "../public/function.php";
$id=$_GET["id"];
PDO_Connect("sqlite:"._FILE_DB_FILEINDEX_);
-$query = "select * from fileindex where id='$id'";
+$query = "select * from fileindex where id=".$PDO->quote($id);
$Fetch = PDO_FetchAll($query);
if(count($Fetch)>0){
echo "<set>\n";
visuddhinanda