Moved all SQL statements from PHP files into relevant *_db.inc files.

[fa-stable.git] / admin / print_profiles.php

diff --git a/admin/print_profiles.php b/admin/print_profiles.php
index f22c19416920932ed1fb5ef11d32a1d955c93818..5b387534800efcf551e00e0e15f6d34872f7ba5a 100644 (file)
--- a/admin/print_profiles.php
+++ b/admin/print_profiles.php
@@ -9,13 +9,13 @@
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
 ***********************************************************************/
-$page_security = 15;
-$path_to_root="..";
+$page_security = 'SA_PRINTPROFILE';
+$path_to_root = "..";
 include($path_to_root . "/includes/session.inc");
 include($path_to_root . "/admin/db/printers_db.inc");
 include($path_to_root . "/includes/ui.inc");
 
-page(_("Printing Profiles"));
+page(_($help_context = "Printing Profiles"));
 
 $selected_id = get_post('profile_id','');
 
@@ -77,7 +77,7 @@ function check_delete($name)
 {
 // check if selected profile is used by any user
        if ($name=='') return 0; // cannot delete system default profile
-       $sql = "SELECT * FROM ".TB_PREF."users WHERE print_profile='$name'";
+       $sql = "SELECT * FROM ".TB_PREF."users WHERE print_profile=".db_escape($name);
        $res = db_query($sql,'cannot check printing profile usage');
        return db_num_rows($res);
 }
@@ -160,7 +160,7 @@ foreach(get_reports() as $rep => $descr)
     label_cell($descr == '' ? '???<sup>1)</sup>' : _($descr));
        $_POST['Prn'.$rep] = isset($prints[$rep]) ? $prints[$rep] : '';
     echo '<td>';
-       printers_list('Prn'.$rep, null, 
+       echo printers_list('Prn'.$rep, null, 
                $rep == '' ? _('Browser support') : _('Default'));
        echo '</td>';
        if ($descr == '') $unkn = 1;