Security statements update against sql injection attacks.

[fa-stable.git] / admin / printers.php

diff --git a/admin/printers.php b/admin/printers.php
index 227c1d65b6ee706a02115ce34109358c9f832d00..9958d8a9c41e18f0d980a225813044c66a60d71f 100644 (file)
--- a/admin/printers.php
+++ b/admin/printers.php
@@ -59,7 +59,7 @@ if ($Mode == 'Delete')
 {
        // PREVENT DELETES IF DEPENDENT RECORDS IN print_profiles
 
-       $sql= "SELECT COUNT(*) FROM ".TB_PREF."print_profiles WHERE printer = '$selected_id'";
+       $sql= "SELECT COUNT(*) FROM ".TB_PREF."print_profiles WHERE printer = ".db_escape($selected_id);
        $result = db_query($sql,"check printers relations failed");
        $myrow = db_fetch_row($result);
        if ($myrow[0] > 0) 
@@ -68,7 +68,7 @@ if ($Mode == 'Delete')
        } 
        else 
        {
-                       $sql="DELETE FROM ".TB_PREF."printers WHERE id='$selected_id'";
+                       $sql="DELETE FROM ".TB_PREF."printers WHERE id=".db_escape($selected_id);
                        db_query($sql,"could not delete printer definition");
                        display_notification(_('Selected printer definition has been deleted'));
        }