From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001 From: Marius Cramer <m.cramer@pixcept.de> Date: Thu, 06 Aug 2015 03:18:44 -0400 Subject: [PATCH] - don't set password via remoting if field is empty --- interface/web/remote/monitor.php | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/interface/web/remote/monitor.php b/interface/web/remote/monitor.php index 9cc0084..132bcf2 100644 --- a/interface/web/remote/monitor.php +++ b/interface/web/remote/monitor.php @@ -30,7 +30,7 @@ $sql = 'SELECT server_id, server_name FROM server WHERE 1 ORDER BY server_id'; $records = $app->db->queryAllRecords($sql); foreach($records as $index => $rec) { - $rec = $app->db->queryOneRecord("SELECT * FROM monitor_data WHERE server_id = " . $rec['server_id'] . " AND state NOT IN ('ok', 'no_state', 'info')"); + $rec = $app->db->queryOneRecord("SELECT * FROM monitor_data WHERE server_id = ? AND state NOT IN ('ok', 'no_state', 'info')", $rec['server_id']); if($rec) $records[$index]['state'] = 'warn'; else $records[$index]['state'] = 'ok'; } @@ -38,7 +38,7 @@ $out['data'] = $records; $out['time'] = date('Y-m-d H:i', $rec['created']); } else { - $rec = $app->db->queryOneRecord("SELECT * FROM monitor_data WHERE type = '$type' AND server_id = $server_id"); + $rec = $app->db->queryOneRecord("SELECT * FROM monitor_data WHERE type = ? AND server_id = ?", $type, $server_id); if(is_array($rec)) { $out['state'] = $rec['state']; $out['data'] = unserialize(stripslashes($rec['data'])); -- Gitblit v1.9.1