Diffstat (limited to 'program/steps/mail/addcontact.inc')
-rw-r--r--program/steps/mail/addcontact.inc25
1 files changed, 11 insertions, 14 deletions
diff --git a/program/steps/mail/addcontact.inc b/program/steps/mail/addcontact.inc
index 465ed3125..6ead67812 100644
--- a/program/steps/mail/addcontact.inc
+++ b/program/steps/mail/addcontact.inc
@@ -29,13 +29,11 @@ if ($_GET['_address'])
$contact = $contact_arr[1];
if ($contact['mailto'])
- $sql_result = $DB->query(sprintf("SELECT 1 FROM %s
- WHERE user_id=%d
- AND email='%s'
- AND del!='1'",
- get_table_name('contacts'),
- $_SESSION['user_id'],
- $contact['mailto']));
+ $sql_result = $DB->query("SELECT 1 FROM ".get_table_name('contacts')."
+ WHERE user_id=?
+ AND email=?
+ AND del<>'1'",
+ $_SESSION['user_id'],$contact['mailto']);
// contact entry with this mail address exists
if ($sql_result && $DB->num_rows($sql_result))
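Review bot: The value bound as `email=?` traces back to `$_GET['_address']` (hunk header), and nothing visible in this hunk checks that `$contact['mailto']` is a well-formed address before it is used for the lookup and, in the next hunk, stored. Placeholders stop SQL injection, but they do not stop arbitrary strings from being stored and later rendered by the address book, so a format check at this boundary is still worth adding; the parsing that fills `$contact_arr` lies outside the hunk and may already do some of this. Separately, `$sql_result` is assigned only inside the brace-less `if ($contact['mailto'])`, while the following `if ($sql_result && ...)` reads it unconditionally. As this include appears to run in shared scope, I would add `$sql_result = null;` before the check so that a leftover result from an earlier step cannot be mistaken for a match.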
@@ -43,13 +41,12 @@ if ($_GET['_address'])
else if ($contact['mailto'])
{
- $DB->query(sprintf("INSERT INTO %s
- (user_id, name, email)
- VALUES (%d, '%s', '%s')",
- get_table_name('contacts'),
- $_SESSION['user_id'],
- $contact['name'],
- $contact['mailto']));
+ $DB->query("INSERT INTO ".get_table_name('contacts')."
+ (user_id, name, email)
+ VALUES (?, ?, ?)",
+ $_SESSION['user_id'],
+ $contact['name'],
+ $contact['mailto']);
$added = $DB->insert_id();
}
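Review bot: This INSERT is reached from a plain GET parameter (`if ($_GET['_address'])` in the hunk header), and no request token or method check is visible, so a cross-site link opened by a logged-in user could add entries to their address book. A token may be verified earlier in the request, which cannot be seen from here, as the enclosing block starts and ends outside the hunk. The result of `$DB->query()` is also discarded before `$added = $DB->insert_id();`, so a failed insert can leave `$added` holding a misleading id. I would capture the result and set `$added = $res ? $DB->insert_id() : false;`. `$contact['name']` is stored exactly as received, so the views that display it need to escape it on output.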