Diffstat (limited to 'program/steps/settings/func.inc')
-rw-r--r--program/steps/settings/func.inc18
1 files changed, 8 insertions, 10 deletions
diff --git a/program/steps/settings/func.inc b/program/steps/settings/func.inc
index 621acd96c..9b7ef002b 100644
--- a/program/steps/settings/func.inc
+++ b/program/steps/settings/func.inc
@@ -21,10 +21,9 @@
// get user record
-$sql_result = $DB->query(sprintf("SELECT username, mail_host FROM %s
- WHERE user_id=%d",
- get_table_name('users'),
- $_SESSION['user_id']));
+$sql_result = $DB->query("SELECT username, mail_host FROM ".get_table_name('users')."
+ WHERE user_id=?",
+ $_SESSION['user_id']);
if ($USER_DATA = $DB->fetch_assoc($sql_result))
$PAGE_TITLE = sprintf('%s %s@%s', rcube_label('settingsfor'), $USER_DATA['username'], $USER_DATA['mail_host']);
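Review bot: The removed `sprintf` pushed `$_SESSION['user_id']` through `%d`, so only an integer could ever reach the SQL text; with `user_id=?` the value is handed to `$DB->query()` unchanged, and the statement's safety now rests on how that method binds or quotes placeholders, which is not visible in this hunk. If the wrapper substitutes quoted values rather than using native prepared statements, keeping the coercion at the call site is cheap: `(int)$_SESSION['user_id']`. The same applies to the identities query in `rcmail_identities_list()` in the second hunk. The table name is still concatenated into the query string, which looks fine here because the argument to `get_table_name()` is a literal, but a one-line comment saying that only the fixed table name is concatenated and every value goes through a placeholder would stop a later edit from extending the concatenation to request data.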
@@ -143,12 +142,11 @@ function rcmail_identities_list($attrib)
// get contacts from DB
- $sql_result = $DB->query(sprintf("SELECT * FROM %s
- WHERE del!='1'
- AND user_id=%d
- ORDER BY `default` DESC, name ASC",
- get_table_name('identities'),
- $_SESSION['user_id']));
+ $sql_result = $DB->query("SELECT * FROM ".get_table_name('identities')."
+ WHERE del<>'1'
+ AND user_id=?
+ ORDER BY ".$DB->quoteIdentifier('default')." DESC, name ASC",
+ $_SESSION['user_id']);
// add id to message list table if not specified