diff --git a/web/skins/classic/views/montage.php b/web/skins/classic/views/montage.php
index 45f76057f..b78da9cca 100644
--- a/web/skins/classic/views/montage.php
+++ b/web/skins/classic/views/montage.php
@@ -27,12 +27,12 @@ if ( !canView( 'Stream' ) )
 $groupSql = "";
 if ( !empty($_REQUEST['group']) )
 {
- $sql = "select * from Groups where Id = ".dbEscape($_REQUEST['group']);
- $row = dbFetchOne( $sql );
- $groupSql = " and find_in_set( Id, '".$row['MonitorIds']."' )";
+ $row = dbFetchOne( 'select * from Groups where Id = ?', NULL, array($_REQUEST['group']) );
+ $sql = "select * from Monitors where Function != 'None' and find_in_set( Id, '".$row['MonitorIds']."' ) order by Sequence";
+} else {
+ $sql = "select * from Monitors where Function != 'None' order by Sequence";
 }
 
-$sql = "select * from Monitors where Function != 'None'$groupSql order by Sequence";
 $maxWidth = 0;
 $maxHeight = 0;
 $showControl = false;
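Review bot: The new Monitors query in the `if` branch still concatenates `$row['MonitorIds']` into the SQL string, so the binding added for the Groups lookup does not cover this second query, and a stored value containing a quote would alter the statement. `$row` is also used without checking that the lookup found a group; what dbFetchOne returns for an unknown Id is not visible here, so that is worth confirming. Because `$sql` is executed outside the hunk, the simplest local fix is to normalise the list before interpolating it, e.g. `$ids = implode(',', array_map('intval', explode(',', $row ? $row['MonitorIds'] : '')));` followed by `find_in_set( Id, '$ids' )`. The context line `$groupSql = "";` appears to be unused after this change and could be dropped.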