From ca069831cd635f6155ea7c2504b47bbea95c76e5 Mon Sep 17 00:00:00 2001
From: Florian Schaal <florian@schaal-24.de>
Date: Wed, 21 Oct 2015 08:53:50 -0400
Subject: [PATCH] FS#1990 - Additional V-Server Field - this commits add a custom-field for openvz-configs

---
 interface/lib/classes/plugin_dbhistory.inc.php |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/interface/lib/classes/plugin_dbhistory.inc.php b/interface/lib/classes/plugin_dbhistory.inc.php
index c654731..3ad5d42 100644
--- a/interface/lib/classes/plugin_dbhistory.inc.php
+++ b/interface/lib/classes/plugin_dbhistory.inc.php
@@ -47,12 +47,13 @@
 		$db_table_idx = $app->tform->formDef["db_table_idx"];
 		$primary_id = $this->form->id;
 		if($_SESSION["s"]["user"]["typ"] == 'admin') {
-			$sql = "SELECT action, tstamp, user, data FROM sys_datalog WHERE dbtable = '".$db_table."' AND dbidx = '".$db_table_idx.":".$primary_id."'";
+			$sql = "SELECT action, tstamp, user, data FROM sys_datalog WHERE dbtable = ? AND dbidx = ?";
+			$records = $app->db->queryAllRecords($sql, $db_table, $db_table_idx.":".$primary_id);
 		} else {
-			$sql = "SELECT action, tstamp, user, data FROM sys_datalog WHERE user = '".$_SESSION["s"]["user"]["username"]."' dbtable = '".$db_table."' AND dbidx = '".$db_table_idx.":".$primary_id."'";
+			$sql = "SELECT action, tstamp, user, data FROM sys_datalog WHERE user = ? AND dbtable = ? AND dbidx = ?";
+			$records = $app->db->queryAllRecords($sql, $_SESSION["s"]["user"]["username"], $db_table, $db_table_idx.":".$primary_id);
 		}
 
-		$records = $app->db->queryAllRecords($sql);
 		if(is_array($records)) {
 			$content .= '<table>';
 			foreach($records as $rec) {

--
Gitblit v1.9.1