Diffstat (limited to 'program/steps/mail')
-rw-r--r-- | program/steps/mail/addcontact.inc | 25 | ||||
-rw-r--r-- | program/steps/mail/compose.inc | 34 | ||||
-rw-r--r-- | program/steps/mail/sendmail.inc | 14 |
3 files changed, 30 insertions, 43 deletions
diff --git a/program/steps/mail/addcontact.inc b/program/steps/mail/addcontact.inc
index 465ed3125..6ead67812 100644
--- a/program/steps/mail/addcontact.inc
+++ b/program/steps/mail/addcontact.inc
@@ -29,13 +29,11 @@ if ($_GET['_address'])
 $contact = $contact_arr[1];
 
 if ($contact['mailto'])
- $sql_result = $DB->query(sprintf("SELECT 1 FROM %s
- WHERE user_id=%d
- AND email='%s'
- AND del!='1'",
- get_table_name('contacts'),
- $_SESSION['user_id'],
- $contact['mailto']));
+ $sql_result = $DB->query("SELECT 1 FROM ".get_table_name('contacts')."
+ WHERE user_id=?
+ AND email=?
+ AND del<>'1'",
+ $_SESSION['user_id'],$contact['mailto']);
 
 // contact entry with this mail address exists
 if ($sql_result && $DB->num_rows($sql_result))
@@ -43,13 +41,12 @@ if ($_GET['_address'])
 
 else if ($contact['mailto'])
 {
- $DB->query(sprintf("INSERT INTO %s
- (user_id, name, email)
- VALUES (%d, '%s', '%s')",
- get_table_name('contacts'),
- $_SESSION['user_id'],
- $contact['name'],
- $contact['mailto']));
+ $DB->query("INSERT INTO ".get_table_name('contacts')."
+ (user_id, name, email)
+ VALUES (?, ?, ?)",
+ $_SESSION['user_id'],
+ $contact['name'],
+ $contact['mailto']);
 
 $added = $DB->insert_id();
 }
diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index f7e094aa0..f70759914 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -87,13 +87,11 @@ function rcmail_compose_headers($attrib)
 $field_attrib[$attr] = $value;
 
 // get this user's identities
- $sql_result = $DB->query(sprintf("SELECT identity_id, name, email
- FROM %s
- WHERE user_id=%d
- AND del!='1'
- ORDER BY `default` DESC, name ASC",
- get_table_name('identities'),
- $_SESSION['user_id']));
+ $sql_result = $DB->query("SELECT identity_id, name, email
+ FROM ".get_table_name('identities')." WHERE user_id=?
+ AND del<>'1'
+ ORDER BY ".$DB->quoteIdentifier('default')." DESC, name ASC",
+ $_SESSION['user_id']);
 
 if ($DB->num_rows($sql_result))
 {
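Review bot: Dropping sprintf's `%d` also drops the integer coercion it applied to `$_SESSION['user_id']` in both addcontact.inc hunks; the value is now bound as whatever type the session holds, so an explicit `(int)$_SESSION['user_id']` in the argument list would keep the previous contract independent of how the driver quotes it. The same applies to `$_SESSION['user_id']` in the compose.inc hunks and to `$id` in sendmail.inc's rcmail_get_identity hunk, where `$id` is a function parameter whose origin is not visible here. As a point of style, the first addcontact.inc hunk packs the bound values as `$_SESSION['user_id'],$contact['mailto']` on one line while the INSERT hunk lists one per line; one value per line throughout makes the placeholder-to-value mapping easier to check by eye.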
@@ -123,14 +121,11 @@ function rcmail_compose_headers($attrib)
 if (!empty($_GET['_to']) && preg_match('/[0-9]+,?/', $_GET['_to']))
 {
 $a_recipients = array();
- $sql_result = $DB->query(sprintf("SELECT name, email
- FROM %s
- WHERE user_id=%d
- AND del!='1'
- AND contact_id IN (%s)",
- get_table_name('contacts'),
- $_SESSION['user_id'],
- $_GET['_to']));
+ $sql_result = $DB->query("SELECT name, email
+ FROM ".get_table_name('contacts')." WHERE user_id=?
+ AND del<>'1'
+ AND contact_id IN (".$_GET['_to'].")",
+ $_SESSION['user_id']);
 
 while ($sql_arr = $DB->fetch_assoc($sql_result))
 $a_recipients[] = format_email_recipient($sql_arr['email'], $sql_arr['name']);
@@ -559,12 +554,9 @@ function format_email_recipient($email, $name='')
 
 /****** get contacts for this user and add them to client scripts ********/
 
-$sql_result = $DB->query(sprintf("SELECT name, email
- FROM %s
- WHERE user_id=%d
- AND del!='1'",
- get_table_name('contacts'),
- $_SESSION['user_id']));
+$sql_result = $DB->query("SELECT name, email
+ FROM ".get_table_name('contacts')." WHERE user_id=?
+ AND del<>'1'",$_SESSION['user_id']);
 
 if ($DB->num_rows($sql_result))
 {
diff --git a/program/steps/mail/sendmail.inc b/program/steps/mail/sendmail.inc
index bacb1b1e8..ddd08f11e 100644
--- a/program/steps/mail/sendmail.inc
+++ b/program/steps/mail/sendmail.inc
@@ -42,14 +42,12 @@ function rcmail_get_identity($id)
 global $DB;
 
 // get identity record
- $sql_result = $DB->query(sprintf("SELECT *, email AS mailto
- FROM %s
- WHERE identity_id=%d
- AND user_id=%d
- AND del!='1'",
- get_table_name('identities'),
- $id,
- $_SESSION['user_id']));
+ $sql_result = $DB->query("SELECT *, email AS mailto
+ FROM ".get_table_name('identities')."
+ WHERE identity_id=?
+ AND user_id=?
+ AND del<>'1'",
+ $id,$_SESSION['user_id']);
 
 if ($DB->num_rows($sql_result))
 { |
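Review bot: The `contact_id IN (".$_GET['_to'].")` fragment in the first compose.inc hunk still splices request input straight into the query text, so this one hunk keeps the injection the rest of the commit removes; the `preg_match('/[0-9]+,?/', $_GET['_to'])` guard on the context line above is unanchored and only requires one digit somewhere in the string, so it does not constrain the value to a digit-and-comma list. Normalise the list to integers before building the IN clause, e.g. `$a_ids = array_map('intval', explode(',', $_GET['_to']));` and `AND contact_id IN (".join(',', $a_ids).")", $_SESSION['user_id']);`, or at least anchor the pattern as `/^[0-9]+(,[0-9]+)*$/`. rcmail_compose_headers starts before this hunk and its body continues after it.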