more pear/mdb2 integration

1 files changed, 11 insertions, 14 deletions

diff --git a/program/steps/mail/addcontact.inc b/program/steps/mail/addcontact.inc
index 465ed3125..6ead67812 100644
--- a/program/steps/mail/addcontact.inc
+++ b/program/steps/mail/addcontact.inc
@@ -29,13 +29,11 @@ if ($_GET['_address'])
     $contact = $contact_arr[1];
 
     if ($contact['mailto'])
-      $sql_result = $DB->query(sprintf("SELECT 1 FROM %s
-                                        WHERE  user_id=%d
-                                        AND    email='%s'
-                                        AND    del!='1'",
-                                       get_table_name('contacts'),
-                                       $_SESSION['user_id'],
-                                       $contact['mailto']));
+      $sql_result = $DB->query("SELECT 1 FROM ".get_table_name('contacts')."
+                                WHERE  user_id=?
+                                AND    email=?
+                                AND    del<>'1'",
+                                $_SESSION['user_id'],$contact['mailto']);
 
     // contact entry with this mail address exists
     if ($sql_result && $DB->num_rows($sql_result))
@@ -43,13 +41,12 @@ if ($_GET['_address'])
 
     else if ($contact['mailto'])
       {
-      $DB->query(sprintf("INSERT INTO %s
-                          (user_id, name, email)
-                          VALUES (%d, '%s', '%s')",
-                         get_table_name('contacts'),
-                         $_SESSION['user_id'],
-                         $contact['name'],
-                         $contact['mailto']));
+      $DB->query("INSERT INTO ".get_table_name('contacts')."
+                  (user_id, name, email)
+                  VALUES (?, ?, ?)",
+                  $_SESSION['user_id'],
+                  $contact['name'],
+                  $contact['mailto']);
 
       $added = $DB->insert_id();
       }