From baf5dda4cc07aa35eb9e41dda90aee0d2cdecf23 Mon Sep 17 00:00:00 2001
From: Sergio Cambra <sergio@programatica.es>
Date: Tue, 8 Jul 2014 15:53:13 +0200
Subject: [PATCH] fix escaping in sql query

---
 interface/lib/classes/tools_sites.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/interface/lib/classes/tools_sites.inc.php b/interface/lib/classes/tools_sites.inc.php
index 3702df2dcb..690a4f0cc6 100644
--- a/interface/lib/classes/tools_sites.inc.php
+++ b/interface/lib/classes/tools_sites.inc.php
@@ -156,7 +156,7 @@ class tools_sites {
 				$field = "domain";
 				$select = $field;
 			}
-			$sql .= " domain NOT IN (SELECT $select FROM $not_used_in_table WHERE $field != '$selected_domain') AND";
+			$sql .= " domain NOT IN (SELECT $select FROM ?? WHERE $field != ?) AND";
 		}
 		if ($_SESSION["s"]["user"]["typ"] == 'admin') {
 			$sql .= " 1";
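Review bot: `$select` and `$field` are still interpolated into the subquery on the new `$sql .=` line, so the placeholders cover only the table name (`??`, presumably the identifier form) and the domain value (`?`). In the branch visible here both variables come from the literal `"domain"`, but the other branch of that `if` lies above the hunk, so confirm that neither is ever derived from caller input. A comment above the line would record this for the next reader, for example `// $select and $field are fixed strings chosen above; only the table name (??) and the domain value (?) are bound`. The enclosing method begins outside the hunk.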
@@ -165,7 +165,7 @@ class tools_sites {
 			$sql .= " sys_groupid IN (".$groups.")";
 		}
 		$sql .= " ORDER BY domain";
-		return $app->db->queryAllRecords($sql);
+		return $app->db->queryAllRecords($sql, $not_used_in_table, $selected_domain);
 	}
 
 	function checkDomainModuleDomain($domain_id) {
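Review bot: The two bind arguments on the new `queryAllRecords($sql, $not_used_in_table, $selected_domain)` call are passed unconditionally, but the `??` and `?` placeholders are only appended inside the conditional block that closes earlier in the method. When that block is skipped, the query has no placeholders yet still receives two values. Whether the db wrapper tolerates surplus arguments is not visible here, so either confirm that or pass the values only when the subquery was added. Separately, `$groups` is still concatenated into `sys_groupid IN (...)` on the context line above. If it can hold anything other than integer ids, it bypasses the escaping this patch introduces, and a literal `?` inside it might shift placeholder binding. The method starts outside the hunk.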
-- 
GitLab