diff -r dab0e9deeb67 -r ce1c4d5e1576 edit_record.php
--- a/edit_record.php Thu Jan 03 23:04:46 2008 +0000
+++ b/edit_record.php Sat Jan 05 16:25:49 2008 +0000
@@ -38,7 +38,8 @@
 clean_page("edit.php?id=".$_POST["domainid"]);
 } elseif($_SESSION["partial_".get_domain_name_from_id($_GET["domain"])] == 1) {
- $checkPartial = $db->queryOne("SELECT id FROM record_owners WHERE record_id='".$_GET["id"]."' AND user_id='".$_SESSION["userid"]."' LIMIT 1");
+ $db->setLimit(1);
+ $checkPartial = $db->queryOne("SELECT id FROM record_owners WHERE record_id=".$db->quote($_GET["id"])." AND user_id=".$db->quote($_SESSION["userid"]));
 if (empty($checkPartial)) {
 error(ERR_RECORD_ACCESS_DENIED);
 }
@@ -48,7 +49,7 @@
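Review bot: The ownership check that follows the new `queryOne()` call can fail open. If `$db` is a PEAR MDB2 handle (the `setLimit`/`queryOne`/`quote` calls suggest so), a failed query returns an error object, which `empty($checkPartial)` treats as non-empty, so `error(ERR_RECORD_ACCESS_DENIED)` is skipped unless an error handler set up outside this hunk aborts first. I would deny on error as well: `if (PEAR::isError($checkPartial) || empty($checkPartial)) {`. Since `record_id` appears to be a numeric key, passing the type, `$db->quote($_GET["id"], 'integer')`, makes the driver cast the value rather than rely on string escaping; the same applies to the `$db->query(...)` call in the second hunk, whose result is also passed to `numRows()` without an error check. The enclosing `if`/`elseif` chain starts outside the hunk, so whether the branch ending in `clean_page(...)` runs its own ownership check cannot be confirmed from here.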

""

query("SELECT r.id,u.fullname FROM record_owners as r, users as u WHERE r.record_id='".$_GET['id']."' AND u.id=r.user_id"); +$x_result = $db->query("SELECT r.id,u.fullname FROM record_owners as r, users as u WHERE r.record_id=".$db->quote($_GET['id'])." AND u.id=r.user_id"); if (level(10) && ($x_result->numRows() > 0)) { ?>