diff --git a/interface/lib/classes/auth.inc.php b/interface/lib/classes/auth.inc.php
index 56e53ee4220bc9ca4461f2bf89f1e19b3c01495e..ae626b7e6fb65603ef53f2ca3bbf0143b746e1c6 100644
--- a/interface/lib/classes/auth.inc.php
+++ b/interface/lib/classes/auth.inc.php
@@ -114,7 +114,7 @@ class auth {
 		$groupid = $app->functions->intval($groupid);
 
 		if($userid > 0 && $groupid > 0) {
-			$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ", $userid);
+			$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ?", $userid);
 			$groups = explode(',', $user['groups']);
 			$key = array_search($groupid, $groups);
 			unset($groups[$key]);
diff --git a/interface/lib/classes/custom_datasource.inc.php b/interface/lib/classes/custom_datasource.inc.php
index 46af33fb5c94758476ef166cb5fff0bab6eb81c0..414de29dcc0bdc7a87d327b5f7d3c6da66a590b9 100644
--- a/interface/lib/classes/custom_datasource.inc.php
+++ b/interface/lib/classes/custom_datasource.inc.php
@@ -47,7 +47,7 @@ class custom_datasource {
 		if($_SESSION["s"]["user"]["typ"] == 'user') {
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ", $client_group_id);
+			$client = $app->db->queryOneRecord("SELECT default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ?";
 		} else {
 			$sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name";
@@ -69,7 +69,7 @@ class custom_datasource {
 		if($_SESSION["s"]["user"]["typ"] == 'user') {
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ", $client_group_id);
+			$client = $app->db->queryOneRecord("SELECT default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 			$sql = "SELECT server_id,server_name FROM server WHERE server_id = ?";
 		} else {
 			$sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name";
diff --git a/interface/lib/classes/remote.d/client.inc.php b/interface/lib/classes/remote.d/client.inc.php
index d1c753279780233f300d29888952d947e7bc89c7..cccc04f110baa654e789d89f3ba0014afcfa2051 100644
--- a/interface/lib/classes/remote.d/client.inc.php
+++ b/interface/lib/classes/remote.d/client.inc.php
@@ -400,10 +400,10 @@ class remoting_client extends remoting {
 			$app->auth->remove_group_from_user($parent_user['userid'], $client_group['groupid']);
 
 			//* delete the group of the client
-			$app->db->query("DELETE FROM sys_group WHERE client_id = ", $client_id);
+			$app->db->query("DELETE FROM sys_group WHERE client_id = ?", $client_id);
 
 			//* delete the sys user(s) of the client
-			$app->db->query("DELETE FROM sys_user WHERE client_id = ", $client_id);
+			$app->db->query("DELETE FROM sys_user WHERE client_id = ?", $client_id);
 
 			//* Delete all records (sub-clients, mail, web, etc....)  of this client.
 			$tables = 'client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_traffic';
@@ -413,7 +413,7 @@ class remoting_client extends remoting {
 			if($client_group_id > 1) {
 				foreach($tables_array as $table) {
 					if($table != '') {
-						$records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ", $client_group_id);
+						$records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ?", $client_group_id);
 						//* find the primary ID of the table
 						$table_info = $app->db->tableInfo($table);
 						$index_field = '';
diff --git a/interface/web/client/client_del.php b/interface/web/client/client_del.php
index 7817bc37292db9c2be8fc5f3e79352af38fdec2d..3e0d6bccb3152e475d7bdc29422c8fdfa456581c 100644
--- a/interface/web/client/client_del.php
+++ b/interface/web/client/client_del.php
@@ -74,7 +74,7 @@ class page_action extends tform_actions {
 
 			$this->dataRecord = $app->tform->getDataRecord($this->id);
 			$client_id = $app->functions->intval($this->dataRecord['client_id']);
-			$client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ", $client_id);
+			$client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
 
 			// Get all records (sub-clients, mail, web, etc....)  of this client.
 			$tables = 'cron,client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain';
diff --git a/interface/web/client/domain_edit.php b/interface/web/client/domain_edit.php
index 694746f8e5fd6efae59dda236cc2ec725a25cf72..9064581c17396cd64623157bf83040c2f6403882 100644
--- a/interface/web/client/domain_edit.php
+++ b/interface/web/client/domain_edit.php
@@ -97,7 +97,7 @@ class page_action extends tform_actions {
 		} else {
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ", $client_group_id);
+			$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 	
 			// Fill the client select field
 			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
diff --git a/interface/web/login/index.php b/interface/web/login/index.php
index 1bc2db7df002e7d3b2248ed7881a00ebbeb616cc..ddc6cfb34dab0cb1cfcae25082934a904b111fbf 100644
--- a/interface/web/login/index.php
+++ b/interface/web/login/index.php
@@ -109,7 +109,7 @@ class login_index {
 								$sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
 								$tmp = $app->db->queryOneRecord($sql, $username, $passwort);
 								$client_group_id = $app->functions->intval($tmp['default_group']);
-								$tmp_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ", $client_group_id);
+								$tmp_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 								
 								if(!$tmp_client || $old_client["parent_client_id"] != $tmp_client["client_id"] || $tmp["default_group"] != $_SESSION["s_old"]["user"]["default_group"] ) {
 									die("You don't have the right to 'login as' this user!");
@@ -125,7 +125,7 @@ class login_index {
 					} elseif($_SESSION['s']['user']['typ'] != 'admin' && (!isset($_SESSION['s_old']['user']) || $_SESSION['s_old']['user']['typ'] != 'admin')) {
 						/* a reseller wants to 'login as', we need to check if he is allowed to */
 						$res_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-						$res_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ", $res_client_group_id);
+						$res_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $res_client_group_id);
 						
 						/* this is the user the reseller wants to 'login as' */
 						$sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
diff --git a/interface/web/mail/xmpp_user_edit.php b/interface/web/mail/xmpp_user_edit.php
index c1b9eedf593df45eb04ed048413216b90c57d9ea..16d440a9f1a5419a968765eb602d077b43b3504e 100644
--- a/interface/web/mail/xmpp_user_edit.php
+++ b/interface/web/mail/xmpp_user_edit.php
@@ -112,12 +112,12 @@ class page_action extends tform_actions {
 		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_xmpp_user, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ", $client_group_id);
+			$client = $app->db->queryOneRecord("SELECT limit_xmpp_user, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 
 			// Check if the user may add another xmpp user.
 			if($this->id == 0 && $client["limit_xmpp_user"] >= 0) {
-				$tmp = $app->db->queryOneRecord("SELECT count(xmppuser_id) as number FROM xmpp_user WHERE sys_groupid = ", $client_group_id);
+				$tmp = $app->db->queryOneRecord("SELECT count(xmppuser_id) as number FROM xmpp_user WHERE sys_groupid = ?", $client_group_id);
 				if($tmp["number"] >= $client["limit_xmpp_user"]) {
 					$app->tform->errorMessage .= $app->tform->lng("limit_xmpp_user_txt")."<br>";
 				}
diff --git a/interface/web/sites/cron_edit.php b/interface/web/sites/cron_edit.php
index 2b3c1391b19042189242f45ac6c940fe1f64aa86..a8326493cad61e5537b3ed134fab4a737c3d8cdd 100644
--- a/interface/web/sites/cron_edit.php
+++ b/interface/web/sites/cron_edit.php
@@ -87,7 +87,7 @@ class page_action extends tform_actions {
 		if($_SESSION["s"]["user"]["typ"] != 'admin') {
 			// Get the limits of the client
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT limit_cron, limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ", $client_group_id);
+			$client = $app->db->queryOneRecord("SELECT limit_cron, limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 
 			// When the record is updated
 			if($this->id > 0) {
@@ -95,7 +95,7 @@ class page_action extends tform_actions {
 			} else {
 				// Check if the user may add another cron job.
 				if($client["limit_cron"] >= 0) {
-					$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM cron WHERE sys_groupid = ", $client_group_id);
+					$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM cron WHERE sys_groupid = ?", $client_group_id);
 					if($tmp["number"] >= $client["limit_cron"]) {
 						$app->error($app->tform->wordbook["limit_cron_txt"]);
 					}
diff --git a/interface/web/sites/database_edit.php b/interface/web/sites/database_edit.php
index 7319e9a833dd251f61b488cb5c8f9e4921e09dcb..2d051d118f445263f6dd7c805fe4b093124ffe50 100644
--- a/interface/web/sites/database_edit.php
+++ b/interface/web/sites/database_edit.php
@@ -174,7 +174,7 @@ class page_action extends tform_actions {
 		if($_SESSION["s"]["user"]["typ"] != 'admin') {
 			// Get the limits of the client
 			$client_group_id = $_SESSION["s"]["user"]["default_group"];
-			$client = $app->db->queryOneRecord("SELECT db_servers, limit_database, limit_database_quota, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.groupid = ", $client_group_id);
+			$client = $app->db->queryOneRecord("SELECT db_servers, limit_database, limit_database_quota, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.groupid = ?", $client_group_id);
 
 			// When the record is updated
 			if($this->id > 0) {