Diffstat (limited to 'program/steps/mail')
-rw-r--r--program/steps/mail/addcontact.inc25
-rw-r--r--program/steps/mail/compose.inc34
-rw-r--r--program/steps/mail/sendmail.inc14
3 files changed, 30 insertions, 43 deletions
diff --git a/program/steps/mail/addcontact.inc b/program/steps/mail/addcontact.inc
index 465ed3125..6ead67812 100644
--- a/program/steps/mail/addcontact.inc
+++ b/program/steps/mail/addcontact.inc
@@ -29,13 +29,11 @@ if ($_GET['_address'])
$contact = $contact_arr[1];
if ($contact['mailto'])
- $sql_result = $DB->query(sprintf("SELECT 1 FROM %s
- WHERE user_id=%d
- AND email='%s'
- AND del!='1'",
- get_table_name('contacts'),
- $_SESSION['user_id'],
- $contact['mailto']));
+ $sql_result = $DB->query("SELECT 1 FROM ".get_table_name('contacts')."
+ WHERE user_id=?
+ AND email=?
+ AND del<>'1'",
+ $_SESSION['user_id'],$contact['mailto']);
// contact entry with this mail address exists
if ($sql_result && $DB->num_rows($sql_result))
@@ -43,13 +41,12 @@ if ($_GET['_address'])
else if ($contact['mailto'])
{
- $DB->query(sprintf("INSERT INTO %s
- (user_id, name, email)
- VALUES (%d, '%s', '%s')",
- get_table_name('contacts'),
- $_SESSION['user_id'],
- $contact['name'],
- $contact['mailto']));
+ $DB->query("INSERT INTO ".get_table_name('contacts')."
+ (user_id, name, email)
+ VALUES (?, ?, ?)",
+ $_SESSION['user_id'],
+ $contact['name'],
+ $contact['mailto']);
$added = $DB->insert_id();
}
diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index f7e094aa0..f70759914 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -87,13 +87,11 @@ function rcmail_compose_headers($attrib)
$field_attrib[$attr] = $value;
// get this user's identities
- $sql_result = $DB->query(sprintf("SELECT identity_id, name, email
- FROM %s
- WHERE user_id=%d
- AND del!='1'
- ORDER BY `default` DESC, name ASC",
- get_table_name('identities'),
- $_SESSION['user_id']));
+ $sql_result = $DB->query("SELECT identity_id, name, email
+ FROM ".get_table_name('identities')." WHERE user_id=?
+ AND del<>'1'
+ ORDER BY ".$DB->quoteIdentifier('default')." DESC, name ASC",
+ $_SESSION['user_id']);
if ($DB->num_rows($sql_result))
{
@@ -123,14 +121,11 @@ function rcmail_compose_headers($attrib)
if (!empty($_GET['_to']) && preg_match('/[0-9]+,?/', $_GET['_to']))
{
$a_recipients = array();
- $sql_result = $DB->query(sprintf("SELECT name, email
- FROM %s
- WHERE user_id=%d
- AND del!='1'
- AND contact_id IN (%s)",
- get_table_name('contacts'),
- $_SESSION['user_id'],
- $_GET['_to']));
+ $sql_result = $DB->query("SELECT name, email
+ FROM ".get_table_name('contacts')." WHERE user_id=?
+ AND del<>'1'
+ AND contact_id IN (".$_GET['_to'].")",
+ $_SESSION['user_id']);
while ($sql_arr = $DB->fetch_assoc($sql_result))
$a_recipients[] = format_email_recipient($sql_arr['email'], $sql_arr['name']);
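Review bot: `$_GET['_to']` is still concatenated straight into the `IN (...)` list here, so this is the one query in the commit that remains injectable. The only guard is `preg_match('/[0-9]+,?/', $_GET['_to'])`, which is unanchored and therefore accepts any value that merely contains a digit. Anchor the check so that only a comma-separated list of integers passes, `preg_match('/^[0-9]+(,[0-9]+)*$/', $_GET['_to'])`, or rebuild the list from cast values with `join(',', array_map('intval', explode(',', $_GET['_to'])))` before it reaches the SQL string. rcmail_compose_headers starts and ends outside this hunk, so any earlier validation of `_to` is not visible here.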
@@ -559,12 +554,9 @@ function format_email_recipient($email, $name='')
/****** get contacts for this user and add them to client scripts ********/
-$sql_result = $DB->query(sprintf("SELECT name, email
- FROM %s
- WHERE user_id=%d
- AND del!='1'",
- get_table_name('contacts'),
- $_SESSION['user_id']));
+$sql_result = $DB->query("SELECT name, email
+ FROM ".get_table_name('contacts')." WHERE user_id=?
+ AND del<>'1'",$_SESSION['user_id']);
if ($DB->num_rows($sql_result))
{
diff --git a/program/steps/mail/sendmail.inc b/program/steps/mail/sendmail.inc
index bacb1b1e8..ddd08f11e 100644
--- a/program/steps/mail/sendmail.inc
+++ b/program/steps/mail/sendmail.inc
@@ -42,14 +42,12 @@ function rcmail_get_identity($id)
global $DB;
// get identity record
- $sql_result = $DB->query(sprintf("SELECT *, email AS mailto
- FROM %s
- WHERE identity_id=%d
- AND user_id=%d
- AND del!='1'",
- get_table_name('identities'),
- $id,
- $_SESSION['user_id']));
+ $sql_result = $DB->query("SELECT *, email AS mailto
+ FROM ".get_table_name('identities')."
+ WHERE identity_id=?
+ AND user_id=?
+ AND del<>'1'",
+ $id,$_SESSION['user_id']);
if ($DB->num_rows($sql_result))
{
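Review bot: Replacing `%d` with `?` for `identity_id` drops the integer coercion that sprintf applied to `$id`, so whatever the caller passes now reaches the database layer unchanged. Binding still keeps the value out of the SQL text, but on a backend with strict column typing a non-numeric `$id` would presumably raise a query error rather than simply match no rows; passing `intval($id)` as the bound value keeps the old behaviour. How `$DB->query()` quotes bound values is not visible in this hunk, and rcmail_get_identity continues past it.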