From 869f30de060bcec0bce99a0045d34d320e25606c Mon Sep 17 00:00:00 2001
From: Cristian Deluxe <djcristiandeluxe@gmail.com>
Date: Mon, 21 Mar 2016 18:37:34 -0400
Subject: [PATCH] More strings translated, lines sort case insensitive and clean empty spaces/new lines after ?>

---
 interface/lib/classes/plugin_dbhistory.inc.php |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/interface/lib/classes/plugin_dbhistory.inc.php b/interface/lib/classes/plugin_dbhistory.inc.php
index c654731..3ad5d42 100644
--- a/interface/lib/classes/plugin_dbhistory.inc.php
+++ b/interface/lib/classes/plugin_dbhistory.inc.php
@@ -47,12 +47,13 @@
 		$db_table_idx = $app->tform->formDef["db_table_idx"];
 		$primary_id = $this->form->id;
 		if($_SESSION["s"]["user"]["typ"] == 'admin') {
-			$sql = "SELECT action, tstamp, user, data FROM sys_datalog WHERE dbtable = '".$db_table."' AND dbidx = '".$db_table_idx.":".$primary_id."'";
+			$sql = "SELECT action, tstamp, user, data FROM sys_datalog WHERE dbtable = ? AND dbidx = ?";
+			$records = $app->db->queryAllRecords($sql, $db_table, $db_table_idx.":".$primary_id);
 		} else {
-			$sql = "SELECT action, tstamp, user, data FROM sys_datalog WHERE user = '".$_SESSION["s"]["user"]["username"]."' dbtable = '".$db_table."' AND dbidx = '".$db_table_idx.":".$primary_id."'";
+			$sql = "SELECT action, tstamp, user, data FROM sys_datalog WHERE user = ? AND dbtable = ? AND dbidx = ?";
+			$records = $app->db->queryAllRecords($sql, $_SESSION["s"]["user"]["username"], $db_table, $db_table_idx.":".$primary_id);
 		}
 
-		$records = $app->db->queryAllRecords($sql);
 		if(is_array($records)) {
 			$content .= '<table>';
 			foreach($records as $rec) {

--
Gitblit v1.9.1