@@ -13,7 +13,9 @@ function openGraphHeader($photoID) {
global $database;
+ $photoID = mysqli_real_escape_string($database, $photoID);
if (!is_numeric($photoID)) return false;
+
$result = $database->query("SELECT * FROM lychee_photos WHERE id = '$photoID';");
$row = $result->fetch_object();
Tobias Reich