From b45479611dea99bcdc6cdd276e0d47e7ad902a21 Mon Sep 17 00:00:00 2001
From: Dominik Mueller <info@profi-webdesign.net>
Date: Wed, 05 Mar 2014 11:37:08 -0500
Subject: [PATCH] switched to new query syntax - do quoting where it is needed

---
 interface/lib/classes/quota_lib.inc.php |   17 ++++++++++-------
 1 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/interface/lib/classes/quota_lib.inc.php b/interface/lib/classes/quota_lib.inc.php
index 55b2aa8..7446573 100644
--- a/interface/lib/classes/quota_lib.inc.php
+++ b/interface/lib/classes/quota_lib.inc.php
@@ -13,12 +13,14 @@
 		}
 		//print_r($monitor_data);
 		
+		// select all websites or websites belonging to client
 		if($clientid != null){
-			$sql_where = " AND sys_groupid = (SELECT default_group FROM sys_user WHERE client_id=".$clientid.")";
+			$sites = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE active = 'y' AND type = 'vhost' AND sys_groupid = (SELECT default_group FROM sys_user WHERE client_id=?)", $app->functions->intval($client_id));
+		}
+		else {
+			$sites = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE active = 'y' AND type = 'vhost'");
 		}
 		
-		// select websites belonging to client
-		$sites = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE active = 'y' AND type = 'vhost'".$sql_where);
 		//print_r($sites);
 		if(is_array($sites) && !empty($sites)){
 			for($i=0;$i<sizeof($sites);$i++){
@@ -111,13 +113,14 @@
 		}
 		//print_r($monitor_data);
 		
+		// select all email accounts or email accounts belonging to client
 		if($clientid != null){
-			$sql_where = " AND sys_groupid = (SELECT default_group FROM sys_user WHERE client_id=".$clientid.")";
+			$emails = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE sys_groupid = (SELECT default_group FROM sys_user WHERE client_id=?)", $app->functions->intval($client_id));
+		}
+		else {
+			$emails = $app->db->queryAllRecords("SELECT * FROM mail_user");
 		}
 		
-		
-		// select email accounts belonging to client
-		$emails = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE 1".$sql_where);
 		//print_r($emails);
 		if(is_array($emails) && !empty($emails)){
 			for($i=0;$i<sizeof($emails);$i++){

--
Gitblit v1.9.1