So, I went ahead and implemented the change myself. Can you take a look at the code and see if there's anything amiss? As far as I can tell it works just fine, but I may have forgotten something. Here is the code (before the html output which is trivial and so I do not post it)
<?php
require_once ('../../configuration.php');
$config=new JConfig;
$db_host= $config->host;
$db_user= $config->user;
$db_password=$config->password;
$db_database=$config->db;
$db_table= $config->dbprefix .'dataitems';
$currentUrl = "https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
$escaped_link = htmlspecialchars($currentUrl, ENT_QUOTES, 'UTF-8');
$mysqli = new mysqli($db_host, $db_user, $db_password, $db_database);
if ($mysqli->connect_error) {
die('Connect Error (' . $mysqli->connect_errno . ') ' . $mysqli->connect_error);
}
$mysqli->set_charset("utf8");
@$item = (int)$_REQUEST["item"];
if ( $item and is_numeric($item) ) {
$dbquery = $mysqli->query ("select sql_no_cache description,url,image,feed,title from ".$db_table." WHERE items_id = ".$item);
$product = $dbquery->fetch_array(MYSQLI_ASSOC);
} else {
$product=false;
}
if ($product && $product["url"]) {
$dbupdate = $mysqli->query ("UPDATE LOW_PRIORITY ".$db_table." SET hits = ( hits + 1 ) WHERE items_id = ".$item);
$url=str_replace('& amp;','&',$product["url"]);
} else {
$url='/';
}
?>