diff --git a/app/call_broadcast/call_broadcast.php b/app/call_broadcast/call_broadcast.php
index 587dd4a711..8ffdc37a25 100644
--- a/app/call_broadcast/call_broadcast.php
+++ b/app/call_broadcast/call_broadcast.php
@@ -30,10 +30,7 @@ require_once "resources/check_auth.php";
 //check permissions
- if (permission_exists('call_broadcast_view')) {
- //access granted
- }
- else {
+ if (!permission_exists('call_broadcast_view')) {
 echo "access denied";
 exit;
 }
@@ -46,29 +43,13 @@ $order_by = $_GET["order_by"];
 $order = $_GET["order"];
-//validate order by
- if (strlen($order_by) > 0) {
- $order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by);
- }
-
-//validate the order
- switch ($order) {
- case 'asc':
- break;
- case 'desc':
- break;
- default:
- $order = '';
- }
-
 //get the count
 $sql = "select count(*) from v_call_broadcasts ";
 $sql .= "where domain_uuid = :domain_uuid ";
- if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
 $database = new database;
- $parameters['domain_uuid'] = $domain_uuid;
- $result = $database->select($sql, $parameters, 'all');
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
 $num_rows = $database->select($sql, $parameters, 'column');
+ unset($sql, $parameters);
 //prepare the paging
 require_once "resources/paging.php";
@@ -82,10 +63,10 @@
 //get the call call broadcasts
 $sql = "select * from v_call_broadcasts ";
 $sql .= "where domain_uuid = :domain_uuid ";
- if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
- $sql .= " limit $rows_per_page offset $offset ";
+ $sql .= order_by($order_by, $order);
+ $sql .= limit_offset($rows_per_page, $offset);
 $database = new database;
- $parameters['domain_uuid'] = $domain_uuid;
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
 $result = $database->select($sql, $parameters, 'all');
 //set the row style
diff --git a/app/call_broadcast/call_broadcast_delete.php b/app/call_broadcast/call_broadcast_delete.php
index e7a3c8cd7e..3b6bd592a2 100644
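Review bot: The count hunk removes the whitelist that stripped `$order_by` to `[a-zA-Z0-9_-]` and restricted `$order` to asc/desc, while the list hunk now appends `order_by($order_by, $order)` built straight from `$_GET` to the SQL string, so the safety of this ORDER BY (which cannot be bound as a parameter) now rests entirely on `order_by()` validating both arguments. That helper is not in this diff; if it does not restrict the column to an identifier and the direction to asc/desc this page becomes an injection point, so please confirm it does or keep a local check such as `if (!in_array($order, ['asc', 'desc', ''], true)) { $order = ''; }`. The same question applies to `limit_offset($rows_per_page, $offset)`, which should cast both values to int since `$offset` presumably comes from the page number in the request. The context lines still read `$_GET["order_by"]` and `$_GET["order"]` without an isset guard, which raises a notice when either parameter is absent.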
--- a/app/call_broadcast/call_broadcast_delete.php
+++ b/app/call_broadcast/call_broadcast_delete.php
@@ -38,23 +38,22 @@ else {
 $language = new text;
 $text = $language->get();
-//get the id
- if (count($_GET)>0) {
- $id = $_GET["id"];
- }
-
 //delete the call broadcast entry
- if (strlen($id)>0) {
- $sql = "delete from v_call_broadcasts ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
- $sql .= "and call_broadcast_uuid = '$id' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- unset($sql);
+ if (is_uuid($_GET["id"])) {
+ $call_broadcast_uuid = $_GET['id'];
+ $array['call_broadcasts'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+ $array['call_broadcasts'][0][''] = $call_broadcast_uuid;
+
+ $database = new database;
+ $database->app_name = 'call_broadcasts';
+ $database->app_uuid = 'efc11f6b-ed73-9955-4d4d-3a1bed75a056';
+ $database->delete($array);
+ $response = $database->message;
+ unset($array);
+
+ message::add($text['message-delete']);
 }
-
-message::add($text['confirm-delete']);
 header("Location: call_broadcast.php");
 return;
diff --git a/app/call_broadcast/call_broadcast_send.php b/app/call_broadcast/call_broadcast_send.php
index dd8641f125..08d582bc59 100644
--- a/app/call_broadcast/call_broadcast_send.php
+++ b/app/call_broadcast/call_broadcast_send.php
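Review bot: The delete array in this hunk sets `$array['call_broadcasts'][0]['']` — an empty column name — where `'call_broadcast_uuid'` is clearly intended, so the filter that pins the delete to the requested record is lost: depending on how `database::delete` builds its where clause this either fails outright or is constrained by `domain_uuid` alone, which would remove every call broadcast in the domain. Change it to `$array['call_broadcasts'][0]['call_broadcast_uuid'] = $call_broadcast_uuid;`. `$response = $database->message;` is assigned but never read, and `message::add($text['message-delete'])` is emitted without looking at that result, so either surface `$database->message` on failure or drop the variable. `is_uuid($_GET["id"])` also dereferences the parameter without an isset guard; `if (isset($_GET['id']) && is_uuid($_GET['id'])) {` avoids the notice when it is absent.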
@@ -69,11 +69,13 @@ function cmd_async($cmd) {
 //get the call broadcast details from the database
 $sql = "select * from v_call_broadcasts ";
- $sql .= "where domain_uuid = '$domain_uuid' ";
- $sql .= "and call_broadcast_uuid = '$call_broadcast_uuid' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- while($row = $prep_statement->fetch()) {
+ $sql .= "where domain_uuid = :domain_uuid ";
+ $sql .= "and call_broadcast_uuid = :call_broadcast_uuid ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $parameters['call_broadcast_uuid'] = $call_broadcast_uuid;
+ $database = new database;
+ $row = $database->select($sql, $parameters, 'row');
+ if (is_array($row) && sizeof($row) != 0) {
 $broadcast_name = $row["broadcast_name"];
 $broadcast_description = $row["broadcast_description"];
 $broadcast_timeout = $row["broadcast_timeout"];
@@ -95,9 +97,8 @@ function cmd_async($cmd) {
 // $broadcast_destination_application = $broadcast_destination_array[0];
 // $broadcast_destination_data = $broadcast_destination_array[1];
 //}
- break; //limit to 1 row
 }
- unset ($prep_statement);
+ unset($sql, $parameters, $row);
 if (strlen($broadcast_caller_id_name) == 0) {
 $broadcast_caller_id_name = "anonymous";
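Review bot: The new `if (is_array($row) && sizeof($row) != 0)` guard in the first hunk has no failure branch, so when no broadcast matches `$call_broadcast_uuid` in the session's domain the script carries on past this block with every `$broadcast_*` variable unset (the old `while` behaved the same way, but the explicit `if` is the natural place to stop). Add an `else { echo "call broadcast not found"; exit; }` or equivalent so the code that follows, presumably the call-origination logic, never runs with empty settings. `$call_broadcast_uuid` is assigned outside the hunk; binding it as `:call_broadcast_uuid` instead of interpolating it is the right fix, but it is still worth validating it with `is_uuid()` where it is read from the request. The `if` body continues beyond this hunk and is closed in the second one.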