MDL-53169 database: use bound empty strings for cross-db
authorEloy Lafuente (stronk7) <stronk7@moodle.org>
Thu, 21 Sep 2017 17:27:59 +0000 (19:27 +0200)
committerEloy Lafuente (stronk7) <stronk7@moodle.org>
Thu, 21 Sep 2017 17:27:59 +0000 (19:27 +0200)
lib/enrollib.php

index e23eb1a..6077d59 100644 (file)
@@ -658,7 +658,8 @@ function enrol_get_my_courses($fields = null, $sort = 'visible DESC,sortorder AS
             $courseidsql .= "
                     SELECT DISTINCT e.courseid
                       FROM {enrol} e
-                     WHERE e.enrol = 'guest' AND e.password = '' AND e.status = :enabled2";
+                     WHERE e.enrol = 'guest' AND e.password = :emptypass AND e.status = :enabled2";
+            $params['emptypass'] = '';
             $params['enabled2'] = ENROL_INSTANCE_ENABLED;
 
             // Include courses where the current user is currently using guest access (may include