use parameter passing instead of explicit exscaping
This commit is contained in:
parent
93560652f1
commit
59b841958d
@ -27,12 +27,12 @@ if ( !canView( 'Stream' ) )
|
|||
$groupSql = "";
|
||||
if ( !empty($_REQUEST['group']) )
|
||||
{
|
||||
$sql = "select * from Groups where Id = ".dbEscape($_REQUEST['group']);
|
||||
$row = dbFetchOne( $sql );
|
||||
$groupSql = " and find_in_set( Id, '".$row['MonitorIds']."' )";
|
||||
$row = dbFetchOne( 'select * from Groups where Id = ?', NULL, array($_REQUEST['group']) );
|
||||
$sql = "select * from Monitors where Function != 'None' and find_in_set( Id, '".$row['MonitorIds']."' ) order by Sequence";
|
||||
} else {
|
||||
$sql = "select * from Monitors where Function != 'None' order by Sequence";
|
||||
}
|
||||
|
||||
$sql = "select * from Monitors where Function != 'None'$groupSql order by Sequence";
|
||||
$maxWidth = 0;
|
||||
$maxHeight = 0;
|
||||
$showControl = false;
|
||||
|
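Review bot: The group lookup on the `$row = dbFetchOne( 'select * from Groups where Id = ?', NULL, array($_REQUEST['group']) );` line is now bound, but the Monitors query on the following line still splices `$row['MonitorIds']` into the SQL string, so the move away from string-built SQL stops halfway. `MonitorIds` is a stored column rather than request input, but it should be bound the same way if the helper that later executes `$sql` accepts parameters, e.g. `find_in_set( Id, ? )` with `array($row['MonitorIds'])`; that execution is outside the hunk, so I cannot confirm which helper it goes through. Separately, when no Groups row matches the requested Id, `$row` is presumably false or null (depending on dbFetchOne's contract) and `$row['MonitorIds']` is read anyway, giving a PHP notice and an empty find_in_set list; a guard such as `$monitorIds = $row ? $row['MonitorIds'] : '';` used when building `$sql` would make that case explicit. The enclosing script continues outside the hunk on both sides.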