diff -r dab0e9deeb67 -r ce1c4d5e1576 edit.php --- a/edit.php Thu Jan 03 23:04:46 2008 +0000 +++ b/edit.php Sat Jan 05 16:25:49 2008 +0000 @@ -28,7 +28,7 @@ $recordOwnerError = 'No records where selected to assign an sub-owner.'; } else { foreach ($_POST["rowid"] as $x_user => $recordid){ - $x_userid = $db->queryOne("SELECT id FROM record_owners WHERE user_id = '".$_POST["userid"]."' AND record_id='".$recordid."'"); + $x_userid = $db->queryOne("SELECT id FROM record_owners WHERE user_id = ".$db->quote($_POST["userid"])." AND record_id=".$db->quote($recordid)); if (empty($x_userid)) { add_record_owner($_GET["id"],$_POST["userid"],$recordid); } @@ -300,7 +300,7 @@ ?>