From 66773789e392305bba4cdf7ed8e6ae3b8380de51 Mon Sep 17 00:00:00 2001
From: svncommit <devs@roundcube.net>
Date: Thu, 27 Oct 2005 09:45:33 -0400
Subject: [PATCH] 

---
 program/steps/settings/func.inc |   18 ++++++++----------
 1 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/program/steps/settings/func.inc b/program/steps/settings/func.inc
index 621acd9..9b7ef00 100644
--- a/program/steps/settings/func.inc
+++ b/program/steps/settings/func.inc
@@ -21,10 +21,9 @@
 
 
 // get user record
-$sql_result = $DB->query(sprintf("SELECT username, mail_host FROM %s
-                                  WHERE  user_id=%d",
-                                 get_table_name('users'),
-                                 $_SESSION['user_id']));
+$sql_result = $DB->query("SELECT username, mail_host FROM ".get_table_name('users')."
+                          WHERE  user_id=?",
+                          $_SESSION['user_id']);
                                  
 if ($USER_DATA = $DB->fetch_assoc($sql_result))
   $PAGE_TITLE = sprintf('%s %s@%s', rcube_label('settingsfor'), $USER_DATA['username'], $USER_DATA['mail_host']);
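Review bot: With `%d` gone, nothing in this statement forces `$_SESSION['user_id']` to an integer any more, so the query is only as safe as the placeholder handling inside `$DB->query()`, which this patch does not show. If that wrapper emulates `?` by quoting and substituting, an unset or non-numeric session value would reach the comparison as a string instead of as 0; casting at the call site keeps the old guarantee: `(int)$_SESSION['user_id']`. The same applies to the identities query in the second hunk. The table name is still concatenated into the statement, which is acceptable only while `get_table_name()` returns configuration-derived values and never request data. The `if` that consumes the result continues outside the hunk.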
@@ -143,12 +142,11 @@
 
 
   // get contacts from DB
-  $sql_result = $DB->query(sprintf("SELECT * FROM %s
-                                    WHERE  del!='1'
-                                    AND    user_id=%d
-                                    ORDER BY `default` DESC, name ASC",
-                                   get_table_name('identities'),
-                                   $_SESSION['user_id']));
+  $sql_result = $DB->query("SELECT * FROM ".get_table_name('identities')."
+                            WHERE  del<>'1'
+                            AND    user_id=?
+                            ORDER BY ".$DB->quoteIdentifier('default')." DESC, name ASC",
+                            $_SESSION['user_id']);
 
 
   // add id to message list table if not specified
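Review bot: The comment above this query says `// get contacts from DB`, but the statement reads the identities table. It should say what is fetched, for example `// get the current user's identities (not flagged as deleted), default identity first`. `SELECT *` could also be narrowed to the columns the list renders, so that columns added to the table later are not pulled into the page by accident; which columns are needed is not visible in this hunk. The enclosing function starts and ends outside the hunk.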

--
Gitblit v1.9.1