diff --git a/app/call_broadcast/call_broadcast.php b/app/call_broadcast/call_broadcast.php
index eef4256e7e..587dd4a711 100644
--- a/app/call_broadcast/call_broadcast.php
+++ b/app/call_broadcast/call_broadcast.php
@@ -42,15 +42,33 @@
 	$language = new text;
 	$text = $language->get();
 
+//get the http get variables and set them to php variables
+	$order_by = $_GET["order_by"];
+	$order = $_GET["order"];
+
+//validate order by
+	if (strlen($order_by) > 0) {
+		$order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by);
+	}
+
+//validate the order
+	switch ($order) {
+		case 'asc':
+			break;
+		case 'desc':
+			break;
+		default:
+			$order = '';
+	}
+
 //get the count
-	$sql = "select * from v_call_broadcasts ";
-	$sql .= "where domain_uuid = '$domain_uuid' ";
+	$sql = "select count(*) from v_call_broadcasts ";
+	$sql .= "where domain_uuid = :domain_uuid ";
 	if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-	$num_rows = count($result);
-	unset ($prep_statement, $result, $sql);
+	$database = new database;
+	$parameters['domain_uuid'] = $domain_uuid;
+	$result = $database->select($sql, $parameters, 'all');
+	$num_rows = $database->select($sql, $parameters, 'column');
 
 //prepare the paging
 	require_once "resources/paging.php";
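Review bot: The count query on the new side still appends `order by $order_by $order` and is executed twice, once with `'all'` into a `$result` that does not appear to be read before the list query in the next hunk reassigns it, and once with `'column'` for `$num_rows`. An `order by` on a bare `count(*)` is wasted work at best and, on PostgreSQL, an error because the ordering column is not part of the aggregate, so drop the `if (strlen($order_by)> 0) { ... }` line and the `'all'` call from this block and keep only `$num_rows = $database->select($sql, $parameters, 'column');`. The `preg_replace` on `$order_by` is a character filter, not a column allow-list; the value is still interpolated into the statement, so it should be compared against the view's sortable columns, e.g. `if (!in_array($order_by, $sortable_columns, true)) { $order_by = ''; }` with `$sortable_columns` listing the columns the page actually renders, rather than stripping characters. `$_GET["order_by"]` and `$_GET["order"]` should also be read as `$_GET['order_by'] ?? ''` and `$_GET['order'] ?? ''` so a missing parameter does not raise a notice before `strlen()` and the `switch`.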
@@ -63,14 +81,12 @@ //get the call call broadcasts $sql = "select * from v_call_broadcasts "; - $sql .= "where domain_uuid = '$domain_uuid' "; + $sql .= "where domain_uuid = :domain_uuid "; if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; } $sql .= " limit $rows_per_page offset $offset "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - $result_count = count($result); - unset ($prep_statement, $sql); + $database = new database; + $parameters['domain_uuid'] = $domain_uuid; + $result = $database->select($sql, $parameters, 'all'); //set the row style $c = 0; @@ -80,10 +96,6 @@ //add the header require_once "resources/header.php"; -//get the http get variables and set them to php variables - $order_by = $_GET["order_by"]; - $order = $_GET["order"]; - //show the content echo "
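Review bot: The rewrite of the list query drops `$result_count = count($result);` without a replacement; if `$result_count` is referenced further down the page (outside this hunk) it is now undefined, so either restore it as `$result_count = count($result);` after the select or confirm it has no remaining readers. `$database = new database;` and `$parameters['domain_uuid'] = $domain_uuid;` repeat the instance and parameter array already built for the count query a few lines earlier, so the second construction can be removed and the existing `$database` and `$parameters` reused. The `limit $rows_per_page offset $offset` line, kept as context, is still interpolated into the statement while `domain_uuid` is now bound; whether those two values derive from request input is not visible here, but casting them, `$sql .= " limit " . (int) $rows_per_page . " offset " . (int) $offset . " ";`, would make the statement safe regardless of where the paging code sets them.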
| ".$text['title']." | \n"; @@ -104,7 +116,7 @@ echo "\n"; echo "