From 6f713b923ab07ef55b0e88061bf5a2a797cdf50f Mon Sep 17 00:00:00 2001
From: Timm Fitschen <t.fitschen@indiscale.com>
Date: Thu, 21 Mar 2024 00:45:25 +0100
Subject: [PATCH] FIX: use prepared statement

---
 procedures/query/initEntity.sql | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/procedures/query/initEntity.sql b/procedures/query/initEntity.sql
index d63c777..5d1f978 100644
--- a/procedures/query/initEntity.sql
+++ b/procedures/query/initEntity.sql
@@ -80,9 +80,10 @@ initEntityLabel: BEGIN
             IF(versioned,
                 '` (id, _iversion) SELECT eids.internal_id, _get_head_iversion(eids.internal_id) ',
                 '` (id) SELECT eids.internal_id '),
-            'FROM entity_ids AS eids WHERE eids.id=',eid,';');
+            'FROM entity_ids AS eids WHERE eids.id=?;');
+        SET @query_param = eid;
         PREPARE initEntityStmt FROM @initEntityStmtStr;
-        EXECUTE initEntityStmt;
+        EXECUTE initEntityStmt USING @query_param;
         DEALLOCATE PREPARE initEntityStmt;
     END IF;
 
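Review bot: The statement text is still assembled with CONCAT around a backtick-quoted identifier, which a `?` placeholder cannot cover, so binding `eid` removes only one of the interpolated inputs. The fragments '` (id, _iversion) SELECT ...' and '` (id) SELECT ...' close a quoted name whose source lies above the hunk. If that name can ever derive from caller input, it should be checked against the known set of tables before PREPARE; if it is purely internal, a comment would make that explicit, e.g. `-- table name is generated internally; only eid is caller-supplied and is bound below`. Separately, `@query_param` is a session-scoped user variable with a generic name that stays set after the procedure returns; a procedure-specific name in line with `@initEntityStmtStr`, such as `SET @initEntityParam = eid;`, would avoid collisions with other routines in the same session. The CONCAT call and the enclosing IF both begin outside the hunk.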
-- 
GitLab