$sql = "SELECT date_, rate_buy, id FROM "
.TB_PREF."exchange_rates "
- ."WHERE curr_code='".$_POST['curr_abrev']."'
+ ."WHERE curr_code=".db_escape($_POST['curr_abrev'])."
ORDER BY date_ DESC";
$cols = array(
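Review bot: The `+` line drops the literal quotes around the value, so the WHERE clause is only well-formed and injection-safe if `db_escape()` returns an already-quoted literal; its definition is not visible in this hunk, so that should be confirmed. I would add a comment above the query such as `// db_escape() is expected to quote as well as escape; do not wrap the value in quotes`, so a later edit does not re-add quotes or swap in a helper that only escapes. It would also be worth checking `$_POST['curr_abrev']` against the known currency codes before building the pager query, so that an unexpected value is rejected rather than merely escaped. The statement beginning at `$cols = array(` continues outside the hunk.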
{
br(1);
- if (list_updated('curr_abrev')) {
- $table->set_sql($sql);
- $table->set_columns($cols);
- }
$table->width = "40%";
display_db_pager($table);
br(1);