From: <ema...@us...> - 2003-08-12 02:14:41
|
Update of /cvsroot/moregroupware/mgw/modules/contact/inc In directory sc8-pr-cvs1:/tmp/cvs-serv6316 Modified Files: company.class.php contact.class.php contactgroup.class.php crm.class.php Log Message: changing some quotes for sql-security - emailtotom Index: company.class.php =================================================================== RCS file: /cvsroot/moregroupware/mgw/modules/contact/inc/company.class.php,v retrieving revision 1.17 retrieving revision 1.18 diff -C2 -d -r1.17 -r1.18 *** company.class.php 2 Jul 2003 12:30:13 -0000 1.17 --- company.class.php 12 Aug 2003 01:38:11 -0000 1.18 *************** *** 59,63 **** global $conn; ! $sql = "DELETE FROM mgw_companies WHERE id=$id"; if(!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); --- 59,63 ---- global $conn; ! $sql = "DELETE FROM mgw_companies WHERE id=".(int)$id; if(!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); *************** *** 68,72 **** global $smarty, $conn, $appconf; ! $sql = "SELECT * FROM mgw_companies WHERE id=$id"; if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); $row = $res->FetchRow(); --- 68,72 ---- global $smarty, $conn, $appconf; ! $sql = "SELECT * FROM mgw_companies WHERE id=".(int)$id; if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); $row = $res->FetchRow(); *************** *** 117,121 **** include(INCLUDEPATH . "mSelectBox.class.php"); ! $sql = "SELECT * FROM mgw_companies WHERE id=$id"; if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); $row = $res->FetchRow(); --- 117,121 ---- include(INCLUDEPATH . "mSelectBox.class.php"); ! $sql = "SELECT * FROM mgw_companies WHERE id=".(int)$id; if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); $row = $res->FetchRow(); *************** *** 161,165 **** include(INCLUDEPATH . 
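Review bot: The `(int)` cast in `$sql = "DELETE FROM mgw_companies WHERE id=".(int)$id;` closes the injection, but the statement is still keyed on `id` alone, while the list query later in this file restricts rows to `owner=<session user> OR ispublic=1`. The enclosing function starts and ends outside the hunk, so whether an ownership check runs before this point is not visible; if none does, a private company belonging to another user can be deleted or read by id. Consider scoping the statement itself, e.g. appending `." AND owner=".(int)$_SESSION['MGW']->userid` for the delete. The same question applies to the other by-id SELECT/DELETE/UPDATE statements this commit touches in company.class.php and contact.class.php, and should be checked for contactgroup.class.php and crm.class.php as well.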
"mSelectBox.class.php"); ! $sql = "SELECT a.*, b.name AS country FROM mgw_companies a LEFT JOIN mgw_countries b ON a.countrycode = b.code WHERE a.id=".$id; if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); $row = $res->FetchRow(); --- 161,165 ---- include(INCLUDEPATH . "mSelectBox.class.php"); ! $sql = "SELECT a.*, b.name AS country FROM mgw_companies a LEFT JOIN mgw_countries b ON a.countrycode = b.code WHERE a.id=".(int)$id; if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); $row = $res->FetchRow(); *************** *** 205,209 **** if($_GET["list"] != "") { // ALPHABET SEARCH ACTIVE ! $sql = "SELECT * FROM mgw_companies WHERE name1 LIKE '".$_GET["list"]."%' AND (owner=".$_SESSION['MGW']->userid." OR ispublic=1) ORDER BY name1"; $smarty->assign("list",$_GET["list"]); } --- 205,210 ---- if($_GET["list"] != "") { // ALPHABET SEARCH ACTIVE ! $searchterm = $conn->quote($_GET["list"]."%"); ! $sql = "SELECT * FROM mgw_companies WHERE name1 LIKE ".$searchterm." AND (owner=".$_SESSION['MGW']->userid." OR ispublic=1) ORDER BY name1"; $smarty->assign("list",$_GET["list"]); } Index: contact.class.php =================================================================== RCS file: /cvsroot/moregroupware/mgw/modules/contact/inc/contact.class.php,v retrieving revision 1.32 retrieving revision 1.33 diff -C2 -d -r1.32 -r1.33 *** contact.class.php 4 Aug 2003 03:19:33 -0000 1.32 --- contact.class.php 12 Aug 2003 01:38:11 -0000 1.33 *************** *** 12,16 **** $id = $conn->GenID('mgw__seq_contacts'); ! $title = $_POST["title"]; $honpref = $conn->quote($_POST["honpref"]); $firstname = $conn->quote($_POST["firstname"]); --- 12,16 ---- $id = $conn->GenID('mgw__seq_contacts'); ! 
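Review bot: `$_GET["list"]` is now quoted for the query, but the line right after it still hands the raw value to the template with `$smarty->assign("list",$_GET["list"]);`, so unless the template applies `|escape` the same parameter is echoed into the page unescaped. Escaping at output (`{$list|escape}`) or assigning `htmlspecialchars($_GET["list"], ENT_QUOTES)` would cover it. Separately, `quote()` adds string quoting but does not neutralise the LIKE metacharacters `%` and `_`, so a user-supplied wildcard still widens the match; that stays inside the owner/ispublic filter, but escaping them before appending `%` keeps the alphabet search literal. `$_SESSION['MGW']->userid` is also concatenated without the `(int)` cast this commit applies to the other numeric values.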
$title = $conn->quote($_POST["title"]); $honpref = $conn->quote($_POST["honpref"]); $firstname = $conn->quote($_POST["firstname"]); *************** *** 25,29 **** $city = $conn->quote($_POST["priv_ort"]); $state = $conn->quote($_POST["priv_state"]); ! $country = $_POST["priv_country"]; $region = $conn->quote($_POST["priv_region"]); --- 25,29 ---- $city = $conn->quote($_POST["priv_ort"]); $state = $conn->quote($_POST["priv_state"]); ! $country = $conn->quote($_POST["priv_country"]); $region = $conn->quote($_POST["priv_region"]); *************** *** 53,57 **** $public = (int) $_POST["public"]; ! $sql="INSERT INTO mgw_contacts (id, title, honorific_prefix, firstname, name_add, nickname, lastname, name_suffix, priv_street, priv_additional, priv_zip, priv_city, priv_state, priv_countrycode, priv_region, priv_telefon, priv_fax, email, email2, email3, tel_company, tel_mobile, url, function, birthday, note, publicKey, companyid, groupid, ispublic, owner, lu_user, lu_date) VALUES ($id, '$title', $honpref, $firstname, $name_add, $nickname, $lastname, $name_suffix, $street, $add, $zip, $city, $state, '$country', $region, $priv_phone, $fax, $email, $email2, $email3, $comp_phone, $mobile, $url, $function, $bday, $note, $pubkey, $company, $group, $public, ".$_SESSION["MGW"]->userid.", ".$_SESSION["MGW"]->userid.", ".$conn->DBTimeStamp(time()).")"; if(!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); --- 53,57 ---- $public = (int) $_POST["public"]; ! 
$sql="INSERT INTO mgw_contacts (id, title, honorific_prefix, firstname, name_add, nickname, lastname, name_suffix, priv_street, priv_additional, priv_zip, priv_city, priv_state, priv_countrycode, priv_region, priv_telefon, priv_fax, email, email2, email3, tel_company, tel_mobile, url, function, birthday, note, publicKey, companyid, groupid, ispublic, owner, lu_user, lu_date) VALUES ($id, $title, $honpref, $firstname, $name_add, $nickname, $lastname, $name_suffix, $street, $add, $zip, $city, $state, $country, $region, $priv_phone, $fax, $email, $email2, $email3, $comp_phone, $mobile, $url, $function, $bday, $note, $pubkey, $company, $group, $public, ".$_SESSION["MGW"]->userid.", ".$_SESSION["MGW"]->userid.", ".$conn->DBTimeStamp(time()).")"; if(!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); *************** *** 67,71 **** $id = (int) $_POST["id"]; ! $title = $_POST["title"]; $honpref = $conn->quote($_POST["honpref"]); $firstname = $conn->quote($_POST["firstname"]); --- 67,71 ---- $id = (int) $_POST["id"]; ! $title = $conn->quote($_POST["title"]); $honpref = $conn->quote($_POST["honpref"]); $firstname = $conn->quote($_POST["firstname"]); *************** *** 80,84 **** $city = $conn->quote($_POST["priv_ort"]); $state = $conn->quote($_POST["priv_state"]); ! $country = $_POST["priv_country"]; $region = $conn->quote($_POST["priv_region"]); --- 80,84 ---- $city = $conn->quote($_POST["priv_ort"]); $state = $conn->quote($_POST["priv_state"]); ! $country = $conn->quote($_POST["priv_country"]); $region = $conn->quote($_POST["priv_region"]); *************** *** 109,113 **** $public = (int) $_POST["public"]; ! 
$sql="UPDATE mgw_contacts SET title='$title', honorific_prefix=$honpref, firstname=$firstname, name_add=$name_add, nickname=$nickname, lastname=$lastname, name_suffix=$name_suffix, priv_street=$street, priv_additional=$add, priv_zip=$zip, priv_city=$city, priv_state=$state, priv_countrycode='$country', priv_region=$region, priv_telefon=$priv_phone, priv_fax=$fax, email=$email, email2=$email2, email3=$email3, tel_company=$comp_phone, tel_mobile=$mobile, url=$url, function=$function, birthday=$bday, note=$note, publicKey=$pubkey, companyid=$company, groupid=$group, ispublic=$public, lu_user=".$_SESSION["MGW"]->userid.", lu_date=".$conn->DBTimeStamp(time())." WHERE id=$id"; if(!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); --- 109,113 ---- $public = (int) $_POST["public"]; ! $sql="UPDATE mgw_contacts SET title=$title, honorific_prefix=$honpref, firstname=$firstname, name_add=$name_add, nickname=$nickname, lastname=$lastname, name_suffix=$name_suffix, priv_street=$street, priv_additional=$add, priv_zip=$zip, priv_city=$city, priv_state=$state, priv_countrycode=$country, priv_region=$region, priv_telefon=$priv_phone, priv_fax=$fax, email=$email, email2=$email2, email3=$email3, tel_company=$comp_phone, tel_mobile=$mobile, url=$url, function=$function, birthday=$bday, note=$note, publicKey=$pubkey, companyid=$company, groupid=$group, ispublic=$public, lu_user=".$_SESSION["MGW"]->userid.", lu_date=".$conn->DBTimeStamp(time())." WHERE id=$id"; if(!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); *************** *** 118,122 **** global $conn; ! $sql = "DELETE FROM mgw_contacts WHERE id=$id"; if(!$conn->Execute($sql)) die(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); return true; --- 118,122 ---- global $conn; ! 
$sql = "DELETE FROM mgw_contacts WHERE id=".(int)$id; if(!$conn->Execute($sql)) die(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); return true; *************** *** 126,130 **** global $smarty, $conn, $appconf; ! $sql = "SELECT * FROM mgw_contacts WHERE id=$id"; if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); --- 126,130 ---- global $smarty, $conn, $appconf; ! $sql = "SELECT * FROM mgw_contacts WHERE id=".(int)$id; if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); *************** *** 239,243 **** include(INCLUDEPATH . "mSelectBox.class.php"); ! $sql = "SELECT * FROM mgw_contacts WHERE id=$id"; if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); --- 239,243 ---- include(INCLUDEPATH . "mSelectBox.class.php"); ! $sql = "SELECT * FROM mgw_contacts WHERE id=".(int)$id; if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); *************** *** 306,315 **** include(INCLUDEPATH . "mSelectBox.class.php"); ! $sql = "SELECT a.*, b.name1, b.telephone, b.email AS email_company, c.id, c.name_key AS groupname FROM mgw_contacts a LEFT JOIN mgw_companies b ON a.companyid=b.id LEFT JOIN mgw_contacts_groups c ON a.groupid = c.id WHERE a.id=".$id; if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); $row = $res->FetchRow(); ! $sql2 = "SELECT a.name AS country FROM mgw_countries a LEFt JOIN mgw_contacts b ON a.code = b.priv_countrycode WHERE b.id=$id"; if(!$res2 = $conn->Execute($sql2)) exit(showSQLerror($sql2, $conn->ErrorMsg(), __LINE__, __FILE__)); $row2 = $res2->GetRowAssoc(false); --- 306,315 ---- include(INCLUDEPATH . "mSelectBox.class.php"); ! 
$sql = "SELECT a.*, b.name1, b.telephone, b.email AS email_company, c.id, c.name_key AS groupname FROM mgw_contacts a LEFT JOIN mgw_companies b ON a.companyid=b.id LEFT JOIN mgw_contacts_groups c ON a.groupid = c.id WHERE a.id=".(int)$id; if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); $row = $res->FetchRow(); ! $sql2 = "SELECT a.name AS country FROM mgw_countries a LEFt JOIN mgw_contacts b ON a.code = b.priv_countrycode WHERE b.id=".(int)$id; if(!$res2 = $conn->Execute($sql2)) exit(showSQLerror($sql2, $conn->ErrorMsg(), __LINE__, __FILE__)); $row2 = $res2->GetRowAssoc(false); *************** *** 596,600 **** if($_POST["chosecmp"] == "multiple"){ $pdf->SetSubject(getLanguageString("multiplecompanies")); ! $_company = $_POST["_company"]; if(count($_company) > 0){ for($i=0;$i<count($_company);$i++) { //parse all the companies selected --- 596,600 ---- if($_POST["chosecmp"] == "multiple"){ $pdf->SetSubject(getLanguageString("multiplecompanies")); ! $_company = (int)$_POST["_company"]; if(count($_company) > 0){ for($i=0;$i<count($_company);$i++) { //parse all the companies selected *************** *** 673,677 **** if($_GET["sort"] == "alpha") { ! $sql = "SELECT a.*, b.name1, b.telephone, b.email AS email_company FROM mgw_contacts a LEFT JOIN mgw_companies b ON a.companyid=b.id WHERE (a.lastname LIKE '".$_GET["list"]."%' AND a.ispublic=1) OR (a.lastname LIKE '".$_GET["list"]."%' AND a.ispublic=0 AND a.owner=".$_SESSION["MGW"]->userid.") $groupsql ORDER BY a.lastname"; $cheader = getParmLang(getLanguageString("overview_contacts_by_a"), array($list)); } --- 673,678 ---- if($_GET["sort"] == "alpha") { ! $searchterm = $conn->quote($_GET["list"]."%"); ! $sql = "SELECT a.*, b.name1, b.telephone, b.email AS email_company FROM mgw_contacts a LEFT JOIN mgw_companies b ON a.companyid=b.id WHERE (a.lastname LIKE ".$searchterm." AND a.ispublic=1) OR (a.lastname LIKE ".$searchterm." 
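Review bot: `$_company = (int)$_POST["_company"];` casts the whole field to a single integer, yet the following lines call `count($_company)` and loop over it as the list of selected companies. Casting an array to int yields 0 or 1, so the selection is lost and the loop ends up indexing into a scalar. The cast needs to be applied per element instead, e.g. `$_company = array_map('intval', (array)$_POST["_company"]);`. The loop body is outside the hunk, so how each `$_company[$i]` reaches SQL is not visible here and should be checked against this change.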
AND a.ispublic=0 AND a.owner=".$_SESSION["MGW"]->userid.") $groupsql ORDER BY a.lastname"; $cheader = getParmLang(getLanguageString("overview_contacts_by_a"), array($list)); } Index: contactgroup.class.php =================================================================== RCS file: /cvsroot/moregroupware/mgw/modules/contact/inc/contactgroup.class.php,v retrieving revision 1.12 retrieving revision 1.13 diff -C2 -d -r1.12 -r1.13 *** contactgroup.class.php 2 Jul 2003 12:30:13 -0000 1.12 --- contactgroup.class.php 12 Aug 2003 01:38:11 -0000 1.13 *************** *** 32,36 **** $desc = $conn->quote($_POST["desc"]); ! $sql="UPDATE mgw_contacts_groups SET name_key=$name, description=$desc, lu_user=".$_SESSION["MGW"]->userid.", lu_date=".$conn->DBTimeStamp(time())." WHERE id=$id"; if(!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); --- 32,36 ---- $desc = $conn->quote($_POST["desc"]); ! $sql="UPDATE mgw_contacts_groups SET name_key=$name, description=$desc, lu_user=".$_SESSION["MGW"]->userid.", lu_date=".$conn->DBTimeStamp(time())." WHERE id=".(int)$id; if(!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); *************** *** 41,45 **** global $conn; ! $sql = "DELETE FROM mgw_contacts_groups WHERE id=$id"; if(!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); --- 41,45 ---- global $conn; ! $sql = "DELETE FROM mgw_contacts_groups WHERE id=".(int)$id; if(!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); *************** *** 50,54 **** global $smarty, $conn, $appconf; ! $sql = "SELECT * FROM mgw_contacts_groups WHERE id=$id"; if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); $row = $res->FetchRow(); --- 50,54 ---- global $smarty, $conn, $appconf; ! 
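Review bot: `$groupsql` is still interpolated into the rewritten statement as raw SQL text, and it is built outside this hunk, so the quoting added for `$searchterm` does not cover it. If it embeds a request-supplied group id, that value needs the same `(int)` cast at the place where `$groupsql` is assembled. Because it is appended after the `OR`, an `AND ...` fragment would bind only to the second (private-contacts) branch; wrapping both LIKE branches in one outer pair of parentheses before `$groupsql` would make the filter apply to both, which is worth confirming against what `$groupsql` actually contains.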
$sql = "SELECT * FROM mgw_contacts_groups WHERE id=".(int)$id; if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); $row = $res->FetchRow(); *************** *** 89,93 **** include(INCLUDEPATH . "mSelectBox.class.php"); ! $sql = "SELECT * FROM mgw_contacts_groups WHERE id=$id"; if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); $row = $res->FetchRow(); --- 89,93 ---- include(INCLUDEPATH . "mSelectBox.class.php"); ! $sql = "SELECT * FROM mgw_contacts_groups WHERE id=".(int)$id; if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); $row = $res->FetchRow(); *************** *** 114,118 **** include(INCLUDEPATH . "mSelectBox.class.php"); ! $sql = "SELECT a.*,b.username AS lu_user FROM mgw_contacts_groups a LEFT JOIN mgw_users b ON a.lu_user=b.id WHERE a.id=$id"; if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); $row = $res->FetchRow(); --- 114,118 ---- include(INCLUDEPATH . "mSelectBox.class.php"); ! $sql = "SELECT a.*,b.username AS lu_user FROM mgw_contacts_groups a LEFT JOIN mgw_users b ON a.lu_user=b.id WHERE a.id=".(int)$id; if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); $row = $res->FetchRow(); Index: crm.class.php =================================================================== RCS file: /cvsroot/moregroupware/mgw/modules/contact/inc/crm.class.php,v retrieving revision 1.17 retrieving revision 1.18 diff -C2 -d -r1.17 -r1.18 *** crm.class.php 2 Jul 2003 12:30:13 -0000 1.17 --- crm.class.php 12 Aug 2003 01:38:11 -0000 1.18 *************** *** 32,36 **** $note = $conn->quote($_POST["note"]); ! 
$sql="UPDATE mgw_contacts_history SET contact_company=$company, contact_person=$person, contact_date=$date, contact_userid=$userid, contact_todo=$todo, contact_comment=$note, lu_user=".$_SESSION["MGW"]->userid.", lu_date=".$conn->DBTimeStamp(time())." WHERE contactid = ".$id; if(!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); --- 32,36 ---- $note = $conn->quote($_POST["note"]); ! $sql="UPDATE mgw_contacts_history SET contact_company=$company, contact_person=$person, contact_date=$date, contact_userid=$userid, contact_todo=$todo, contact_comment=$note, lu_user=".$_SESSION["MGW"]->userid.", lu_date=".$conn->DBTimeStamp(time())." WHERE contactid = ".(int)$id; if(!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); *************** *** 42,46 **** global $conn; ! $sql = "DELETE FROM mgw_contacts_history WHERE contactid=".$id; if(!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); --- 42,46 ---- global $conn; ! $sql = "DELETE FROM mgw_contacts_history WHERE contactid=".(int)$id; if(!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); *************** *** 51,55 **** global $smarty, $conn, $appconf; ! $sql = "SELECT a.*, b.name1 FROM mgw_contacts_history a LEFT JOIN mgw_companies b ON a.contact_company = b.id WHERE contactid=".$id; if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); $row = $res->FetchRow(); --- 51,55 ---- global $smarty, $conn, $appconf; ! $sql = "SELECT a.*, b.name1 FROM mgw_contacts_history a LEFT JOIN mgw_companies b ON a.contact_company = b.id WHERE contactid=".(int)$id; if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); $row = $res->FetchRow(); *************** *** 107,111 **** $backid = (int) $_GET["backid"]; ! 
$sql = "SELECT * FROM mgw_contacts_history WHERE contactid=".$id; if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); $row = $res->FetchRow(); --- 107,111 ---- $backid = (int) $_GET["backid"]; ! $sql = "SELECT * FROM mgw_contacts_history WHERE contactid=".(int)$id; if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); $row = $res->FetchRow(); *************** *** 145,149 **** $concat = $conn->Concat("lastname","', '","firstname"); ! $sql = "SELECT name1, contact_company, contact_person, contact_date, contactid, ".$concat." AS contact_username, contact_todo, contact_comment FROM mgw_contacts_history a LEFT OUTER JOIN mgw_users c ON a.contact_userid = c.id LEFT OUTER JOIN mgw_companies d ON a.contact_company = d.id WHERE a.contactid = ".$id; if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); --- 145,149 ---- $concat = $conn->Concat("lastname","', '","firstname"); ! $sql = "SELECT name1, contact_company, contact_person, contact_date, contactid, ".$concat." AS contact_username, contact_todo, contact_comment FROM mgw_contacts_history a LEFT OUTER JOIN mgw_users c ON a.contact_userid = c.id LEFT OUTER JOIN mgw_companies d ON a.contact_company = d.id WHERE a.contactid = ".(int)$id; if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); *************** *** 166,170 **** $icons = getIconStrings(); $concat = $conn->Concat("c.lastname", "', '", "c.firstname"); ! $sql = "SELECT d.name1, b.contact_person, b.contact_date, b.contactid, ".$concat." 
AS contact_username FROM mgw_contacts_history a, mgw_contacts_history b LEFT OUTER JOIN mgw_users c ON b.contact_userid = c.id LEFT OUTER JOIN mgw_companies d ON d.id = b.contact_company WHERE a.contactid = $id AND a.contact_company = b.contact_company ORDER BY b.contact_date DESC"; if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); --- 166,170 ---- $icons = getIconStrings(); $concat = $conn->Concat("c.lastname", "', '", "c.firstname"); ! $sql = "SELECT d.name1, b.contact_person, b.contact_date, b.contactid, ".$concat." AS contact_username FROM mgw_contacts_history a, mgw_contacts_history b LEFT OUTER JOIN mgw_users c ON b.contact_userid = c.id LEFT OUTER JOIN mgw_companies d ON d.id = b.contact_company WHERE a.contactid = ".(int)$id." AND a.contact_company = b.contact_company ORDER BY b.contact_date DESC"; if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__)); |