From 3a11d23a2f32a1b9b2ec43429917c000017c5eff Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Wed, 15 Apr 2015 05:18:57 -0400
Subject: [PATCH] - changed code to use new method of passing values to datalogUpdate and datalogInsert

---
 interface/lib/classes/remoting_lib.inc.php |   11 ++++++-----
 1 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/interface/lib/classes/remoting_lib.inc.php b/interface/lib/classes/remoting_lib.inc.php
index a2e3988..9ee3ca5 100644
--- a/interface/lib/classes/remoting_lib.inc.php
+++ b/interface/lib/classes/remoting_lib.inc.php
@@ -238,22 +238,23 @@
 			$sql_offset = 0;
 			$sql_limit = 0;
 			$sql_where = '';
+			$params = array($this->formDef['db_table']);
 			foreach($primary_id as $key => $val) {
-				$key = $app->db->quote($key);
-				$val = $app->db->quote($val);
 				if($key == '#OFFSET#') $sql_offset = $app->functions->intval($val);
 				elseif($key == '#LIMIT#') $sql_limit = $app->functions->intval($val);
 				elseif(stristr($val, '%')) {
-					$sql_where .= "$key like '$val' AND ";
+					$sql_where .= "? like ? AND ";
 				} else {
-					$sql_where .= "$key = '$val' AND ";
+					$sql_where .= "? = ? AND ";
 				}
+				$params[] = $key;
+				$params[] = $val;
 			}
 			$sql_where = substr($sql_where, 0, -5);
 			if($sql_where == '') $sql_where = '1';
 			$sql = "SELECT * FROM ?? WHERE ".$sql_where. " AND " . $this->getAuthSQL('r', $this->formDef['db_table']);
 			if($sql_offset >= 0 && $sql_limit > 0) $sql .= ' LIMIT ' . $sql_offset . ',' . $sql_limit;
-			return $app->db->queryAllRecords($sql, $this->formDef['db_table']);
+			return $app->db->queryAllRecords($sql, true, $params);
 		} else {
 			$this->errorMessage = 'The ID must be either an integer or an array.';
 			return array();

--
Gitblit v1.9.1