diff --git a/app/access_controls/access_controls.php b/app/access_controls/access_controls.php
index c28da34c9d..9de71000da 100644
--- a/app/access_controls/access_controls.php
+++ b/app/access_controls/access_controls.php
@@ -46,13 +46,35 @@
 $order_by = $_GET["order_by"];
 $order = $_GET["order"];
+//validate the order
+ switch ($order) {
+ case 'asc':
+ break;
+ case 'desc':
+ break;
+ default:
+ $order = '';
+ }
+
+//validate the order by
+ switch ($order_by) {
+ case 'access_control_name':
+ break;
+ case 'access_control_default':
+ break;
+ case 'access_control_description':
+ break;
+ default:
+ $order_by = '';
+ }
+
 //additional includes
 require_once "resources/header.php";
 require_once "resources/paging.php";
 //prepare to page the results
 $sql = "select count(*) as num_rows from v_access_controls ";
- if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
+ if (strlen($order_by) > 0) { $sql .= "order by $order_by $order "; }
 $prep_statement = $db->prepare($sql);
 if ($prep_statement) {
 $prep_statement->execute();
@@ -67,7 +89,7 @@
 //prepare to page the results
 $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
- $param = "";
+ $param = '';
 $page = $_GET['page'];
 if (strlen($page) == 0) { $page = 0; $_GET['page'] = 0; }
 list($paging_controls, $rows_per_page, $var3) = paging($num_rows, $param, $rows_per_page);
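Review bot: The two allowlist switches are the only thing that makes the interpolated `order by $order_by $order` in the count query (and in the list query of the later hunk) safe, but no line says so, so a future edit that widens the allowlist or short-circuits the switch would silently reopen the injection; add `//only allowlisted values may reach the order by clauses below` above the first switch. Both switches are also verbose for a plain membership test and read more clearly as `$order = in_array($order, ['asc', 'desc'], true) ? $order : '';` and `$order_by = in_array($order_by, ['access_control_name', 'access_control_default', 'access_control_description'], true) ? $order_by : '';`. The `$_GET` reads feeding the switches sit on context lines and, as far as the hunk shows, have no `isset`/`??` fallback, so a request without those parameters emits undefined-key warnings before the `default` branch resets the values.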
@@ -76,11 +98,11 @@
 //get the list
 $sql = "select * from v_access_controls ";
 if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
- $sql .= "limit $rows_per_page offset $offset ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $access_controls = $prep_statement->fetchAll(PDO::FETCH_NAMED);
- unset ($prep_statement, $sql);
+ $sql .= "limit :rows_per_page offset :offset ";
+ $database = new database;
+ $parameters['rows_per_page'] = $rows_per_page;
+ $parameters['offset'] = $offset;
+ $access_controls = $database->execute($sql, $parameters);
 //alternate the row style
 $c = 0;
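Review bot: `$parameters` is never initialised before its two keys are set, so if an earlier include already populated a `$parameters` array in this scope its stale entries would be handed to `execute()` alongside the limit values; start the block with `$parameters = [];`. The values bound for `:rows_per_page` and `:offset` are also still untyped — `$rows_per_page` comes from `$_SESSION` in the earlier hunk and may be a string, and `$offset` is assigned outside this hunk — and depending on how `database::execute` binds them (not visible here) some drivers reject a quoted string in `limit`/`offset`, so `$parameters['rows_per_page'] = (int) $rows_per_page;` and `$parameters['offset'] = (int) $offset;` make the intent explicit. The `order by $order_by $order` on the context line above remains string-interpolated and is safe only because of the allowlist added at the top of the file.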