diff -r dab0e9deeb67 -r ce1c4d5e1576 delete_record.php
--- a/delete_record.php Thu Jan 03 23:04:46 2008 +0000
+++ b/delete_record.php Sat Jan 05 16:25:49 2008 +0000
@@ -28,7 +28,8 @@
 error(ERR_RECORD_ACCESS_DENIED);
 }
 if ((!level(5)) && ($_SESSION[$zoneId.'_ispartial'] == 1)) {
- $checkPartial = $db->queryOne("SELECT id FROM record_owners WHERE record_id='".$_GET["id"]."' AND user_id='".$_SESSION["userid"]."' LIMIT 1");
+ $db->setLimit(1);
+ $checkPartial = $db->queryOne("SELECT id FROM record_owners WHERE record_id=".$db->quote($_GET["id"])." AND user_id=".$db->quote($_SESSION["userid"]));
 if (empty($checkPartial)) {
 error(ERR_RECORD_ACCESS_DENIED);
 }
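Review bot: The ownership check at `if (empty($checkPartial))` may fail open when the query itself fails. If `$db` is a PEAR MDB2 handle, as `setLimit`/`queryOne`/`quote` suggest but this hunk does not confirm, a failed `queryOne` returns an error object, which `empty()` treats as non-empty, so the access-denied branch is skipped. Unless a global error handler already aborts on database errors, the guard should read `if (PEAR::isError($checkPartial) || empty($checkPartial)) {`. Separately, `$_GET["id"]` is quoted as untyped text; passing the type, `$db->quote($_GET["id"], 'integer')`, keeps non-numeric input out of the `record_id` comparison. The enclosing script continues outside the hunk on both sides, so validation elsewhere is not visible here.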