FSN#33658: potentiële SQL-injections aangepast.

svn path=/Website/trunk/; revision=28184
2016-02-16 10:08:56 +00:00
parent 617f964d60
commit 8454c1cb20
1 changed files with 3 additions and 3 deletions
--- a/APPL/PRS/kpn_mandate_list.inc
+++ b/APPL/PRS/kpn_mandate_list.inc
@@ -93,12 +93,12 @@ function kpn_mandate_list(authparams, params)
               + "         CASE"
               + "            WHEN pk.prs_perslidkostenplaats_boeken = 1 "
               + "               THEN " + safe.quoted_sql(L('lcl_yes'))
-               + "            ELSE " + quoted_sql(L('lcl_no'))
+               + "            ELSE " + safe.quoted_sql(L('lcl_no'))
               + "         END boeken, "
               + "         CASE"
               + "            WHEN  pk.prs_perslidkostenplaats_inzage = 1 "
-               + "               THEN " + quoted_sql(L('lcl_yes'))
-               + "            ELSE " + quoted_sql(L('lcl_no'))
+               + "               THEN " + safe.quoted_sql(L('lcl_yes'))
+               + "            ELSE " + safe.quoted_sql(L('lcl_no'))
               + "         END inzage, "
               + "         k.prs_kostenplaats_key, "
               + "         k.prs_perslid_key verantwoordelijke_key, "