Menu
▾
▴
[moregroupware-cvs] mgw/modules/contact/inc company.class.php,1.17,1.18 contact.class.php,1.32,1.33 contactgroup.class.php,1.12,1.13 crm.class.php,1.17,1.18
|
From: <ema...@us...> - 2003-08-12 02:14:41
|
Update of /cvsroot/moregroupware/mgw/modules/contact/inc
In directory sc8-pr-cvs1:/tmp/cvs-serv6316
Modified Files:
company.class.php contact.class.php contactgroup.class.php
crm.class.php
Log Message:
changing some quotes for sql-security - emailtotom
Index: company.class.php
===================================================================
RCS file: /cvsroot/moregroupware/mgw/modules/contact/inc/company.class.php,v
retrieving revision 1.17
retrieving revision 1.18
diff -C2 -d -r1.17 -r1.18
*** company.class.php 2 Jul 2003 12:30:13 -0000 1.17
--- company.class.php 12 Aug 2003 01:38:11 -0000 1.18
***************
*** 59,63 ****
global $conn;
! $sql = "DELETE FROM mgw_companies WHERE id=$id";
if(!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
--- 59,63 ----
global $conn;
! $sql = "DELETE FROM mgw_companies WHERE id=".(int)$id;
if(!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
***************
*** 68,72 ****
global $smarty, $conn, $appconf;
! $sql = "SELECT * FROM mgw_companies WHERE id=$id";
if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
$row = $res->FetchRow();
--- 68,72 ----
global $smarty, $conn, $appconf;
! $sql = "SELECT * FROM mgw_companies WHERE id=".(int)$id;
if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
$row = $res->FetchRow();
***************
*** 117,121 ****
include(INCLUDEPATH . "mSelectBox.class.php");
! $sql = "SELECT * FROM mgw_companies WHERE id=$id";
if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
$row = $res->FetchRow();
--- 117,121 ----
include(INCLUDEPATH . "mSelectBox.class.php");
! $sql = "SELECT * FROM mgw_companies WHERE id=".(int)$id;
if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
$row = $res->FetchRow();
***************
*** 161,165 ****
include(INCLUDEPATH . "mSelectBox.class.php");
! $sql = "SELECT a.*, b.name AS country FROM mgw_companies a LEFT JOIN mgw_countries b ON a.countrycode = b.code WHERE a.id=".$id;
if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
$row = $res->FetchRow();
--- 161,165 ----
include(INCLUDEPATH . "mSelectBox.class.php");
! $sql = "SELECT a.*, b.name AS country FROM mgw_companies a LEFT JOIN mgw_countries b ON a.countrycode = b.code WHERE a.id=".(int)$id;
if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
$row = $res->FetchRow();
***************
*** 205,209 ****
if($_GET["list"] != "") { // ALPHABET SEARCH ACTIVE
! $sql = "SELECT * FROM mgw_companies WHERE name1 LIKE '".$_GET["list"]."%' AND (owner=".$_SESSION['MGW']->userid." OR ispublic=1) ORDER BY name1";
$smarty->assign("list",$_GET["list"]);
}
--- 205,210 ----
if($_GET["list"] != "") { // ALPHABET SEARCH ACTIVE
! $searchterm = $conn->quote($_GET["list"]."%");
! $sql = "SELECT * FROM mgw_companies WHERE name1 LIKE ".$searchterm." AND (owner=".$_SESSION['MGW']->userid." OR ispublic=1) ORDER BY name1";
$smarty->assign("list",$_GET["list"]);
}
Index: contact.class.php
===================================================================
RCS file: /cvsroot/moregroupware/mgw/modules/contact/inc/contact.class.php,v
retrieving revision 1.32
retrieving revision 1.33
diff -C2 -d -r1.32 -r1.33
*** contact.class.php 4 Aug 2003 03:19:33 -0000 1.32
--- contact.class.php 12 Aug 2003 01:38:11 -0000 1.33
***************
*** 12,16 ****
$id = $conn->GenID('mgw__seq_contacts');
! $title = $_POST["title"];
$honpref = $conn->quote($_POST["honpref"]);
$firstname = $conn->quote($_POST["firstname"]);
--- 12,16 ----
$id = $conn->GenID('mgw__seq_contacts');
! $title = $conn->quote($_POST["title"]);
$honpref = $conn->quote($_POST["honpref"]);
$firstname = $conn->quote($_POST["firstname"]);
***************
*** 25,29 ****
$city = $conn->quote($_POST["priv_ort"]);
$state = $conn->quote($_POST["priv_state"]);
! $country = $_POST["priv_country"];
$region = $conn->quote($_POST["priv_region"]);
--- 25,29 ----
$city = $conn->quote($_POST["priv_ort"]);
$state = $conn->quote($_POST["priv_state"]);
! $country = $conn->quote($_POST["priv_country"]);
$region = $conn->quote($_POST["priv_region"]);
***************
*** 53,57 ****
$public = (int) $_POST["public"];
! $sql="INSERT INTO mgw_contacts (id, title, honorific_prefix, firstname, name_add, nickname, lastname, name_suffix, priv_street, priv_additional, priv_zip, priv_city, priv_state, priv_countrycode, priv_region, priv_telefon, priv_fax, email, email2, email3, tel_company, tel_mobile, url, function, birthday, note, publicKey, companyid, groupid, ispublic, owner, lu_user, lu_date) VALUES ($id, '$title', $honpref, $firstname, $name_add, $nickname, $lastname, $name_suffix, $street, $add, $zip, $city, $state, '$country', $region, $priv_phone, $fax, $email, $email2, $email3, $comp_phone, $mobile, $url, $function, $bday, $note, $pubkey, $company, $group, $public, ".$_SESSION["MGW"]->userid.", ".$_SESSION["MGW"]->userid.", ".$conn->DBTimeStamp(time()).")";
if(!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
--- 53,57 ----
$public = (int) $_POST["public"];
! $sql="INSERT INTO mgw_contacts (id, title, honorific_prefix, firstname, name_add, nickname, lastname, name_suffix, priv_street, priv_additional, priv_zip, priv_city, priv_state, priv_countrycode, priv_region, priv_telefon, priv_fax, email, email2, email3, tel_company, tel_mobile, url, function, birthday, note, publicKey, companyid, groupid, ispublic, owner, lu_user, lu_date) VALUES ($id, $title, $honpref, $firstname, $name_add, $nickname, $lastname, $name_suffix, $street, $add, $zip, $city, $state, $country, $region, $priv_phone, $fax, $email, $email2, $email3, $comp_phone, $mobile, $url, $function, $bday, $note, $pubkey, $company, $group, $public, ".$_SESSION["MGW"]->userid.", ".$_SESSION["MGW"]->userid.", ".$conn->DBTimeStamp(time()).")";
if(!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
***************
*** 67,71 ****
$id = (int) $_POST["id"];
! $title = $_POST["title"];
$honpref = $conn->quote($_POST["honpref"]);
$firstname = $conn->quote($_POST["firstname"]);
--- 67,71 ----
$id = (int) $_POST["id"];
! $title = $conn->quote($_POST["title"]);
$honpref = $conn->quote($_POST["honpref"]);
$firstname = $conn->quote($_POST["firstname"]);
***************
*** 80,84 ****
$city = $conn->quote($_POST["priv_ort"]);
$state = $conn->quote($_POST["priv_state"]);
! $country = $_POST["priv_country"];
$region = $conn->quote($_POST["priv_region"]);
--- 80,84 ----
$city = $conn->quote($_POST["priv_ort"]);
$state = $conn->quote($_POST["priv_state"]);
! $country = $conn->quote($_POST["priv_country"]);
$region = $conn->quote($_POST["priv_region"]);
***************
*** 109,113 ****
$public = (int) $_POST["public"];
! $sql="UPDATE mgw_contacts SET title='$title', honorific_prefix=$honpref, firstname=$firstname, name_add=$name_add, nickname=$nickname, lastname=$lastname, name_suffix=$name_suffix, priv_street=$street, priv_additional=$add, priv_zip=$zip, priv_city=$city, priv_state=$state, priv_countrycode='$country', priv_region=$region, priv_telefon=$priv_phone, priv_fax=$fax, email=$email, email2=$email2, email3=$email3, tel_company=$comp_phone, tel_mobile=$mobile, url=$url, function=$function, birthday=$bday, note=$note, publicKey=$pubkey, companyid=$company, groupid=$group, ispublic=$public, lu_user=".$_SESSION["MGW"]->userid.", lu_date=".$conn->DBTimeStamp(time())." WHERE id=$id";
if(!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
--- 109,113 ----
$public = (int) $_POST["public"];
! $sql="UPDATE mgw_contacts SET title=$title, honorific_prefix=$honpref, firstname=$firstname, name_add=$name_add, nickname=$nickname, lastname=$lastname, name_suffix=$name_suffix, priv_street=$street, priv_additional=$add, priv_zip=$zip, priv_city=$city, priv_state=$state, priv_countrycode=$country, priv_region=$region, priv_telefon=$priv_phone, priv_fax=$fax, email=$email, email2=$email2, email3=$email3, tel_company=$comp_phone, tel_mobile=$mobile, url=$url, function=$function, birthday=$bday, note=$note, publicKey=$pubkey, companyid=$company, groupid=$group, ispublic=$public, lu_user=".$_SESSION["MGW"]->userid.", lu_date=".$conn->DBTimeStamp(time())." WHERE id=$id";
if(!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
***************
*** 118,122 ****
global $conn;
! $sql = "DELETE FROM mgw_contacts WHERE id=$id";
if(!$conn->Execute($sql)) die(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
return true;
--- 118,122 ----
global $conn;
! $sql = "DELETE FROM mgw_contacts WHERE id=".(int)$id;
if(!$conn->Execute($sql)) die(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
return true;
***************
*** 126,130 ****
global $smarty, $conn, $appconf;
! $sql = "SELECT * FROM mgw_contacts WHERE id=$id";
if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
--- 126,130 ----
global $smarty, $conn, $appconf;
! $sql = "SELECT * FROM mgw_contacts WHERE id=".(int)$id;
if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
***************
*** 239,243 ****
include(INCLUDEPATH . "mSelectBox.class.php");
! $sql = "SELECT * FROM mgw_contacts WHERE id=$id";
if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
--- 239,243 ----
include(INCLUDEPATH . "mSelectBox.class.php");
! $sql = "SELECT * FROM mgw_contacts WHERE id=".(int)$id;
if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
***************
*** 306,315 ****
include(INCLUDEPATH . "mSelectBox.class.php");
! $sql = "SELECT a.*, b.name1, b.telephone, b.email AS email_company, c.id, c.name_key AS groupname FROM mgw_contacts a LEFT JOIN mgw_companies b ON a.companyid=b.id LEFT JOIN mgw_contacts_groups c ON a.groupid = c.id WHERE a.id=".$id;
if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
$row = $res->FetchRow();
! $sql2 = "SELECT a.name AS country FROM mgw_countries a LEFt JOIN mgw_contacts b ON a.code = b.priv_countrycode WHERE b.id=$id";
if(!$res2 = $conn->Execute($sql2)) exit(showSQLerror($sql2, $conn->ErrorMsg(), __LINE__, __FILE__));
$row2 = $res2->GetRowAssoc(false);
--- 306,315 ----
include(INCLUDEPATH . "mSelectBox.class.php");
! $sql = "SELECT a.*, b.name1, b.telephone, b.email AS email_company, c.id, c.name_key AS groupname FROM mgw_contacts a LEFT JOIN mgw_companies b ON a.companyid=b.id LEFT JOIN mgw_contacts_groups c ON a.groupid = c.id WHERE a.id=".(int)$id;
if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
$row = $res->FetchRow();
! $sql2 = "SELECT a.name AS country FROM mgw_countries a LEFt JOIN mgw_contacts b ON a.code = b.priv_countrycode WHERE b.id=".(int)$id;
if(!$res2 = $conn->Execute($sql2)) exit(showSQLerror($sql2, $conn->ErrorMsg(), __LINE__, __FILE__));
$row2 = $res2->GetRowAssoc(false);
***************
*** 596,600 ****
if($_POST["chosecmp"] == "multiple"){
$pdf->SetSubject(getLanguageString("multiplecompanies"));
! $_company = $_POST["_company"];
if(count($_company) > 0){
for($i=0;$i<count($_company);$i++) { //parse all the companies selected
--- 596,600 ----
if($_POST["chosecmp"] == "multiple"){
$pdf->SetSubject(getLanguageString("multiplecompanies"));
! $_company = (int)$_POST["_company"];
if(count($_company) > 0){
for($i=0;$i<count($_company);$i++) { //parse all the companies selected
***************
*** 673,677 ****
if($_GET["sort"] == "alpha") {
! $sql = "SELECT a.*, b.name1, b.telephone, b.email AS email_company FROM mgw_contacts a LEFT JOIN mgw_companies b ON a.companyid=b.id WHERE (a.lastname LIKE '".$_GET["list"]."%' AND a.ispublic=1) OR (a.lastname LIKE '".$_GET["list"]."%' AND a.ispublic=0 AND a.owner=".$_SESSION["MGW"]->userid.") $groupsql ORDER BY a.lastname";
$cheader = getParmLang(getLanguageString("overview_contacts_by_a"), array($list));
}
--- 673,678 ----
if($_GET["sort"] == "alpha") {
! $searchterm = $conn->quote($_GET["list"]."%");
! $sql = "SELECT a.*, b.name1, b.telephone, b.email AS email_company FROM mgw_contacts a LEFT JOIN mgw_companies b ON a.companyid=b.id WHERE (a.lastname LIKE ".$searchterm." AND a.ispublic=1) OR (a.lastname LIKE ".$searchterm." AND a.ispublic=0 AND a.owner=".$_SESSION["MGW"]->userid.") $groupsql ORDER BY a.lastname";
$cheader = getParmLang(getLanguageString("overview_contacts_by_a"), array($list));
}
Index: contactgroup.class.php
===================================================================
RCS file: /cvsroot/moregroupware/mgw/modules/contact/inc/contactgroup.class.php,v
retrieving revision 1.12
retrieving revision 1.13
diff -C2 -d -r1.12 -r1.13
*** contactgroup.class.php 2 Jul 2003 12:30:13 -0000 1.12
--- contactgroup.class.php 12 Aug 2003 01:38:11 -0000 1.13
***************
*** 32,36 ****
$desc = $conn->quote($_POST["desc"]);
! $sql="UPDATE mgw_contacts_groups SET name_key=$name, description=$desc, lu_user=".$_SESSION["MGW"]->userid.", lu_date=".$conn->DBTimeStamp(time())." WHERE id=$id";
if(!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
--- 32,36 ----
$desc = $conn->quote($_POST["desc"]);
! $sql="UPDATE mgw_contacts_groups SET name_key=$name, description=$desc, lu_user=".$_SESSION["MGW"]->userid.", lu_date=".$conn->DBTimeStamp(time())." WHERE id=".(int)$id;
if(!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
***************
*** 41,45 ****
global $conn;
! $sql = "DELETE FROM mgw_contacts_groups WHERE id=$id";
if(!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
--- 41,45 ----
global $conn;
! $sql = "DELETE FROM mgw_contacts_groups WHERE id=".(int)$id;
if(!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
***************
*** 50,54 ****
global $smarty, $conn, $appconf;
! $sql = "SELECT * FROM mgw_contacts_groups WHERE id=$id";
if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
$row = $res->FetchRow();
--- 50,54 ----
global $smarty, $conn, $appconf;
! $sql = "SELECT * FROM mgw_contacts_groups WHERE id=".(int)$id;
if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
$row = $res->FetchRow();
***************
*** 89,93 ****
include(INCLUDEPATH . "mSelectBox.class.php");
! $sql = "SELECT * FROM mgw_contacts_groups WHERE id=$id";
if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
$row = $res->FetchRow();
--- 89,93 ----
include(INCLUDEPATH . "mSelectBox.class.php");
! $sql = "SELECT * FROM mgw_contacts_groups WHERE id=".(int)$id;
if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
$row = $res->FetchRow();
***************
*** 114,118 ****
include(INCLUDEPATH . "mSelectBox.class.php");
! $sql = "SELECT a.*,b.username AS lu_user FROM mgw_contacts_groups a LEFT JOIN mgw_users b ON a.lu_user=b.id WHERE a.id=$id";
if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
$row = $res->FetchRow();
--- 114,118 ----
include(INCLUDEPATH . "mSelectBox.class.php");
! $sql = "SELECT a.*,b.username AS lu_user FROM mgw_contacts_groups a LEFT JOIN mgw_users b ON a.lu_user=b.id WHERE a.id=".(int)$id;
if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
$row = $res->FetchRow();
Index: crm.class.php
===================================================================
RCS file: /cvsroot/moregroupware/mgw/modules/contact/inc/crm.class.php,v
retrieving revision 1.17
retrieving revision 1.18
diff -C2 -d -r1.17 -r1.18
*** crm.class.php 2 Jul 2003 12:30:13 -0000 1.17
--- crm.class.php 12 Aug 2003 01:38:11 -0000 1.18
***************
*** 32,36 ****
$note = $conn->quote($_POST["note"]);
! $sql="UPDATE mgw_contacts_history SET contact_company=$company, contact_person=$person, contact_date=$date, contact_userid=$userid, contact_todo=$todo, contact_comment=$note, lu_user=".$_SESSION["MGW"]->userid.", lu_date=".$conn->DBTimeStamp(time())." WHERE contactid = ".$id;
if(!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
--- 32,36 ----
$note = $conn->quote($_POST["note"]);
! $sql="UPDATE mgw_contacts_history SET contact_company=$company, contact_person=$person, contact_date=$date, contact_userid=$userid, contact_todo=$todo, contact_comment=$note, lu_user=".$_SESSION["MGW"]->userid.", lu_date=".$conn->DBTimeStamp(time())." WHERE contactid = ".(int)$id;
if(!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
***************
*** 42,46 ****
global $conn;
! $sql = "DELETE FROM mgw_contacts_history WHERE contactid=".$id;
if(!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
--- 42,46 ----
global $conn;
! $sql = "DELETE FROM mgw_contacts_history WHERE contactid=".(int)$id;
if(!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
***************
*** 51,55 ****
global $smarty, $conn, $appconf;
! $sql = "SELECT a.*, b.name1 FROM mgw_contacts_history a LEFT JOIN mgw_companies b ON a.contact_company = b.id WHERE contactid=".$id;
if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
$row = $res->FetchRow();
--- 51,55 ----
global $smarty, $conn, $appconf;
! $sql = "SELECT a.*, b.name1 FROM mgw_contacts_history a LEFT JOIN mgw_companies b ON a.contact_company = b.id WHERE contactid=".(int)$id;
if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
$row = $res->FetchRow();
***************
*** 107,111 ****
$backid = (int) $_GET["backid"];
! $sql = "SELECT * FROM mgw_contacts_history WHERE contactid=".$id;
if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
$row = $res->FetchRow();
--- 107,111 ----
$backid = (int) $_GET["backid"];
! $sql = "SELECT * FROM mgw_contacts_history WHERE contactid=".(int)$id;
if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
$row = $res->FetchRow();
***************
*** 145,149 ****
$concat = $conn->Concat("lastname","', '","firstname");
! $sql = "SELECT name1, contact_company, contact_person, contact_date, contactid, ".$concat." AS contact_username, contact_todo, contact_comment FROM mgw_contacts_history a LEFT OUTER JOIN mgw_users c ON a.contact_userid = c.id LEFT OUTER JOIN mgw_companies d ON a.contact_company = d.id WHERE a.contactid = ".$id;
if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
--- 145,149 ----
$concat = $conn->Concat("lastname","', '","firstname");
! $sql = "SELECT name1, contact_company, contact_person, contact_date, contactid, ".$concat." AS contact_username, contact_todo, contact_comment FROM mgw_contacts_history a LEFT OUTER JOIN mgw_users c ON a.contact_userid = c.id LEFT OUTER JOIN mgw_companies d ON a.contact_company = d.id WHERE a.contactid = ".(int)$id;
if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
***************
*** 166,170 ****
$icons = getIconStrings();
$concat = $conn->Concat("c.lastname", "', '", "c.firstname");
! $sql = "SELECT d.name1, b.contact_person, b.contact_date, b.contactid, ".$concat." AS contact_username FROM mgw_contacts_history a, mgw_contacts_history b LEFT OUTER JOIN mgw_users c ON b.contact_userid = c.id LEFT OUTER JOIN mgw_companies d ON d.id = b.contact_company WHERE a.contactid = $id AND a.contact_company = b.contact_company ORDER BY b.contact_date DESC";
if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
--- 166,170 ----
$icons = getIconStrings();
$concat = $conn->Concat("c.lastname", "', '", "c.firstname");
! $sql = "SELECT d.name1, b.contact_person, b.contact_date, b.contactid, ".$concat." AS contact_username FROM mgw_contacts_history a, mgw_contacts_history b LEFT OUTER JOIN mgw_users c ON b.contact_userid = c.id LEFT OUTER JOIN mgw_companies d ON d.id = b.contact_company WHERE a.contactid = ".(int)$id." AND a.contact_company = b.contact_company ORDER BY b.contact_date DESC";
if(!$res = $conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
|