From d7cb77414c4cf074269b6812c3dd3571ee29afca Mon Sep 17 00:00:00 2001 From: svncommit Date: Tue, 25 Oct 2005 15:04:17 +0000 Subject: more pear/mdb2 integration --- program/steps/settings/func.inc | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) (limited to 'program/steps/settings/func.inc') diff --git a/program/steps/settings/func.inc b/program/steps/settings/func.inc index 621acd96c..9b7ef002b 100644 --- a/program/steps/settings/func.inc +++ b/program/steps/settings/func.inc @@ -21,10 +21,9 @@ // get user record -$sql_result = $DB->query(sprintf("SELECT username, mail_host FROM %s - WHERE user_id=%d", - get_table_name('users'), - $_SESSION['user_id'])); +$sql_result = $DB->query("SELECT username, mail_host FROM ".get_table_name('users')." + WHERE user_id=?", + $_SESSION['user_id']); if ($USER_DATA = $DB->fetch_assoc($sql_result)) $PAGE_TITLE = sprintf('%s %s@%s', rcube_label('settingsfor'), $USER_DATA['username'], $USER_DATA['mail_host']); @@ -143,12 +142,11 @@ function rcmail_identities_list($attrib) // get contacts from DB - $sql_result = $DB->query(sprintf("SELECT * FROM %s - WHERE del!='1' - AND user_id=%d - ORDER BY `default` DESC, name ASC", - get_table_name('identities'), - $_SESSION['user_id'])); + $sql_result = $DB->query("SELECT * FROM ".get_table_name('identities')." + WHERE del<>'1' + AND user_id=? + ORDER BY ".$DB->quoteIdentifier('default')." DESC, name ASC", + $_SESSION['user_id']); // add id to message list table if not specified -- cgit v1.2.3