# HG changeset patch
# User peter
# Date 1199550349 0
# Node ID ce1c4d5e1576e693a19717f5daa0832cde3e02ee
# Parent dab0e9deeb67e356ae0ca4ab226c5843a69e6e45
[feladat @ 112]
Added better support of the PEAR:MDB2 package by using the setLimit() function instead of adding a LIMIT to the query itself and by using the quote() function to quote all parameters.
Added an error when no valid email address was given when creating or modifying a user.
diff -r dab0e9deeb67 -r ce1c4d5e1576 delete_record.php
--- a/delete_record.php Thu Jan 03 23:04:46 2008 +0000
+++ b/delete_record.php Sat Jan 05 16:25:49 2008 +0000
@@ -28,7 +28,8 @@
error(ERR_RECORD_ACCESS_DENIED);
}
if ((!level(5)) && ($_SESSION[$zoneId.'_ispartial'] == 1)) {
- $checkPartial = $db->queryOne("SELECT id FROM record_owners WHERE record_id='".$_GET["id"]."' AND user_id='".$_SESSION["userid"]."' LIMIT 1");
+ $db->setLimit(1);
+ $checkPartial = $db->queryOne("SELECT id FROM record_owners WHERE record_id=".$db->quote($_GET["id"])." AND user_id=".$db->quote($_SESSION["userid"]));
if (empty($checkPartial)) {
error(ERR_RECORD_ACCESS_DENIED);
}
diff -r dab0e9deeb67 -r ce1c4d5e1576 delete_user.php
--- a/delete_user.php Thu Jan 03 23:04:46 2008 +0000
+++ b/delete_user.php Sat Jan 05 16:25:49 2008 +0000
@@ -102,7 +102,7 @@
}
$message = _('You are going to delete this user, are you sure?');
- if(($numrows = $db->queryOne("select count(id) from zones where owner=$id")) != 0)
+ if(($numrows = $db->queryOne("SELECT count(id) FROM zones WHERE owner=".$db->quote($id))) != 0)
{
$message .= " " . _('This user has access to ') . $numrows . _(' zones, by deleting him you will also delete these zones.');
}
diff -r dab0e9deeb67 -r ce1c4d5e1576 edit.php
--- a/edit.php Thu Jan 03 23:04:46 2008 +0000
+++ b/edit.php Sat Jan 05 16:25:49 2008 +0000
@@ -28,7 +28,7 @@
$recordOwnerError = 'No records where selected to assign an sub-owner.';
} else {
foreach ($_POST["rowid"] as $x_user => $recordid){
- $x_userid = $db->queryOne("SELECT id FROM record_owners WHERE user_id = '".$_POST["userid"]."' AND record_id='".$recordid."'");
+ $x_userid = $db->queryOne("SELECT id FROM record_owners WHERE user_id = ".$db->quote($_POST["userid"])." AND record_id=".$db->quote($recordid));
if (empty($x_userid)) {
add_record_owner($_GET["id"],$_POST["userid"],$recordid);
}
@@ -300,7 +300,7 @@
?>
- $x_result = $db->query("SELECT r.user_id,u.username,u.fullname FROM record_owners as r, users as u WHERE r.record_id='".$r['id']."' AND u.id=r.user_id");
+ $x_result = $db->query("SELECT r.user_id,u.username,u.fullname FROM record_owners as r, users as u WHERE r.record_id=".$db->quote($r['id'])." AND u.id=r.user_id");
echo "";
while ($x_r = $x_result->fetchRow()) {
echo "".$x_r["fullname"]." ";
diff -r dab0e9deeb67 -r ce1c4d5e1576 edit_record.php
--- a/edit_record.php Thu Jan 03 23:04:46 2008 +0000
+++ b/edit_record.php Sat Jan 05 16:25:49 2008 +0000
@@ -38,7 +38,8 @@
clean_page("edit.php?id=".$_POST["domainid"]);
} elseif($_SESSION["partial_".get_domain_name_from_id($_GET["domain"])] == 1)
{
- $checkPartial = $db->queryOne("SELECT id FROM record_owners WHERE record_id='".$_GET["id"]."' AND user_id='".$_SESSION["userid"]."' LIMIT 1");
+ $db->setLimit(1);
+ $checkPartial = $db->queryOne("SELECT id FROM record_owners WHERE record_id=".$db->quote($_GET["id"])." AND user_id=".$db->quote($_SESSION["userid"]));
if (empty($checkPartial)) {
error(ERR_RECORD_ACCESS_DENIED);
}
@@ -48,7 +49,7 @@
echo _('Edit record in zone'); ?> " echo get_domain_name_from_id($_GET["domain"]) ?>"
-$x_result = $db->query("SELECT r.id,u.fullname FROM record_owners as r, users as u WHERE r.record_id='".$_GET['id']."' AND u.id=r.user_id");
+$x_result = $db->query("SELECT r.id,u.fullname FROM record_owners as r, users as u WHERE r.record_id=".$db->quote($_GET['id'])." AND u.id=r.user_id");
if (level(10) && ($x_result->numRows() > 0))
{
?>
diff -r dab0e9deeb67 -r ce1c4d5e1576 inc/auth.inc.php
--- a/inc/auth.inc.php Thu Jan 03 23:04:46 2008 +0000
+++ b/inc/auth.inc.php Sat Jan 05 16:25:49 2008 +0000
@@ -45,7 +45,7 @@
if(isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"]))
{
//Username and password are set, lets try to authenticate.
- $result = $db->query("SELECT id, fullname, level FROM users WHERE username='". $_SESSION["userlogin"] ."' AND password='". md5($_SESSION["userpwd"]) ."' AND active=1");
+ $result = $db->query("SELECT id, fullname, level FROM users WHERE username=". $db->quote($_SESSION["userlogin"]) ." AND password=". $db->quote(md5($_SESSION["userpwd"])) ." AND active=1");
if($result->numRows() == 1)
{
$rowObj = $result->fetchRow();
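Review bot: The rewritten query on the `+` line still authenticates against an unsalted `md5()` of the password, and the plaintext password is read back from `$_SESSION["userpwd"]` on every request, so the parameterisation closes the injection but leaves credential handling as weak as before. A safer shape is to fetch the stored hash by username only and verify in PHP with a salted, purpose-built password hash (e.g. `crypt()` with a per-user salt), keeping just the user id in the session rather than the password. The same `md5($password)` construction is kept in the INSERT of `add_user` and the UPDATE of `edit_user` in inc/users.inc.php. The enclosing `if` block continues outside the hunk.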
diff -r dab0e9deeb67 -r ce1c4d5e1576 inc/dns.inc.php
--- a/inc/dns.inc.php Thu Jan 03 23:04:46 2008 +0000
+++ b/inc/dns.inc.php Sat Jan 05 16:25:49 2008 +0000
@@ -245,7 +245,7 @@
// P.S. we might add CNAME to block CNAME recursion and chains.
$blockedtypes = " AND (type='MX' OR type='NS')";
- $cnamec = "SELECT type, content FROM records WHERE content='$dest'" . $blockedtypes;
+ $cnamec = "SELECT type, content FROM records WHERE content=".$db->quote($dest) . $blockedtypes;
$result = $db->query($cnamec);
if($result->numRows() > 0)
@@ -382,7 +382,7 @@
global $db;
// See if the destination to which this MX is pointing is NOT a CNAME record.
// Check inside our dns server.
- if($db->queryOne("SELECT count(id) FROM records WHERE name='$content' AND type='CNAME'") > 0)
+ if($db->queryOne("SELECT count(id) FROM records WHERE name=".$db->quote($content)." AND type='CNAME'") > 0)
{
return -1;
}
@@ -425,7 +425,7 @@
// "an IN NS field must be a hostname."
}
- if($db->queryOne("SELECT count(id) FROM records WHERE name='$content' AND type='CNAME'") > 0)
+ if($db->queryOne("SELECT count(id) FROM records WHERE name=".$db->quote($content)." AND type='CNAME'") > 0)
{
return -2;
// "You can not point a NS record to a CNAME record. Remove/rename the CNAME record first or take another name."
diff -r dab0e9deeb67 -r ce1c4d5e1576 inc/record.inc.php
--- a/inc/record.inc.php Thu Jan 03 23:04:46 2008 +0000
+++ b/inc/record.inc.php Sat Jan 05 16:25:49 2008 +0000
@@ -37,10 +37,10 @@
* YYYYMMDDnn
*/
- $sqlq = "SELECT notified_serial FROM domains WHERE id = '".$domain_id."'";
+ $sqlq = "SELECT notified_serial FROM domains WHERE id = ".$db->quote($domain_id);
$notified_serial = $db->queryOne($sqlq);
- $sqlq = "SELECT content FROM records WHERE type = 'SOA' AND domain_id = '".$domain_id."'";
+ $sqlq = "SELECT content FROM records WHERE type = 'SOA' AND domain_id = ".$db->quote($domain_id);
$content = $db->queryOne($sqlq);
$need_to_update = false;
@@ -101,7 +101,7 @@
{
$new_soa .= $soa[$i] . " ";
}
- $sqlq = "UPDATE records SET content = '".$new_soa."' WHERE domain_id = '".$domain_id."' AND type = 'SOA'";
+ $sqlq = "UPDATE records SET content = ".$db->quote($new_soa)." WHERE domain_id = ".$db->quote($domain_id)." AND type = 'SOA'";
$db->Query($sqlq);
return true;
}
@@ -128,7 +128,7 @@
{
validate_input($zoneid, $type, $content, $name, $prio, $ttl);
$change = time();
- $db->query("UPDATE records set name='$name', type='$type', content='$content', ttl='$ttl', prio='$prio', change_date='$change' WHERE id=$recordid");
+ $db->query("UPDATE records set name=".$db->quote($name).", type=".$db->quote($type).", content=".$db->quote($content).", ttl=".$db->quote($ttl).", prio=".$db->quote($prio).", change_date=".$db->quote($change)." WHERE id=".$db->quote($recordid));
/*
* Added by DeViCeD - Update SOA Serial number
@@ -157,7 +157,7 @@
}
if (is_numeric($zoneid) || is_numeric($userid) || is_numeric($recordid))
{
- $db->query("INSERT INTO record_owners (user_id, record_id) VALUES ('".$userid."','".$recordid."')");
+ $db->query("INSERT INTO record_owners (user_id, record_id) VALUES (".$db->quote($userid).", ".$db->quote($recordid).")");
return true;
}
else
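Review bot: The guard `is_numeric($zoneid) || is_numeric($userid) || is_numeric($recordid)` above the new INSERT joins the checks with `||`, so a single numeric argument lets arbitrary values for the other two reach the statement; `$db->quote()` now prevents injection, but the validation presumably intended here (`&&`) is still missing, and callers such as edit.php pass `$_GET["id"]` and `$_POST["userid"]` straight in. The same `||` chain precedes the DELETE in the next hunk (line 152). The enclosing function starts outside the hunk.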
@@ -175,7 +175,7 @@
}
if (is_numeric($zoneid) || is_numeric($rowid) || is_numeric($recordid))
{
- $db->query("DELETE FROM record_owners WHERE id='".$rowid."' AND record_id='".$recordid."'");
+ $db->query("DELETE FROM record_owners WHERE id=".$db->quote($rowid)." AND record_id=".$db->quote($recordid));
return true;
}
else
@@ -206,7 +206,7 @@
$change = time();
// Execute query.
- $db->query("INSERT INTO records (domain_id, name, type, content, ttl, prio, change_date) VALUES ($zoneid, '$name', '$type', '$content', $ttl, '$prio', $change)");
+ $db->query("INSERT INTO records (domain_id, name, type, content, ttl, prio, change_date) VALUES (".$db->quote($zoneid).", ".$db->quote($name).", ".$db->quote($type).", ".$db->quote($content).", ".$db->quote($ttl).", ".$db->quote($prio).", ".$db->quote($change).")");
if ($type != 'SOA')
{
update_soa_serial($zoneid);
@@ -241,7 +241,7 @@
}
else
{
- $db->query("INSERT INTO supermasters VALUES ('$master_ip', '$ns_name', '$account')");
+ $db->query("INSERT INTO supermasters VALUES (".$db->quote($master_ip).", ".$db->quote($ns_name).", ".$db->quote($account).")");
return true;
}
}
@@ -255,7 +255,7 @@
}
if (is_valid_ip($master_ip) || is_valid_ip6($master_ip))
{
- $db->query("DELETE FROM supermasters WHERE ip = '$master_ip'");
+ $db->query("DELETE FROM supermasters WHERE ip = ".$db->quote($master_ip));
return true;
}
else
@@ -273,7 +273,7 @@
}
if (is_valid_ip($master_ip) || is_valid_ip6($master_ip))
{
- $result = $db->queryRow("SELECT ip,nameserver,account FROM supermasters WHERE ip = '$master_ip'");
+ $result = $db->queryRow("SELECT ip,nameserver,account FROM supermasters WHERE ip = ".$db->quote($master_ip));
$ret = array(
"master_ip" => $result["ip"],
@@ -320,7 +320,7 @@
if (is_numeric($id))
{
$did = recid_to_domid($id);
- $db->query('DELETE FROM records WHERE id=' . $id );
+ $db->query('DELETE FROM records WHERE id=' . $db->quote($id) );
if ($type != 'SOA')
{
update_soa_serial($did);
@@ -368,7 +368,7 @@
if (($domain && $owner && $webip && $mailip) || ($empty && $owner && $domain) || (eregi('in-addr.arpa', $domain) && $owner) || $type=="SLAVE" && $domain && $owner && $slave_master)
{
// First insert zone into domain table
- $db->query("INSERT INTO domains (name, type) VALUES ('$domain', '$type')");
+ $db->query("INSERT INTO domains (name, type) VALUES (".$db->quote($domain).", ".$db->quote($type).")");
// Determine id of insert zone (in other words, find domain_id)
$iddomain = $db->lastInsertId('domains', 'id');
@@ -377,11 +377,11 @@
}
// Second, insert into zones tables
- $db->query("INSERT INTO zones (domain_id, owner) VALUES ('$iddomain', $owner)");
+ $db->query("INSERT INTO zones (domain_id, owner) VALUES (".$db->quote($iddomain).", ".$db->quote($owner).")");
if ($type == "SLAVE")
{
- $db->query("UPDATE domains SET master = '$slave_master' WHERE id = '$iddomain';");
+ $db->query("UPDATE domains SET master = ".$db->quote($slave_master)." WHERE id = ".$db->quote($iddomain));
// Done
return true;
@@ -400,7 +400,7 @@
$ttl = $GLOBALS["DEFAULT_TTL"];
// Build and execute query
- $sql = "INSERT INTO records (domain_id, name, content, type, ttl, prio, change_date) VALUES ('$iddomain', '$domain', '$ns1 $hm 1', 'SOA', $ttl, 0, '$now')";
+ $sql = "INSERT INTO records (domain_id, name, content, type, ttl, prio, change_date) VALUES (".$db->quote($iddomain).", ".$db->quote($domain).", ".$db->quote($ns1.' '.$hm.' 1').", 'SOA', ".$db->quote($ttl).", 0, ".$db->quote($now).")";
$db->query($sql);
// Done
@@ -430,7 +430,7 @@
$ttl = $GLOBALS["DEFAULT_TTL"];
}
- $sql = "INSERT INTO records (domain_id, name, content, type, ttl, prio, change_date) VALUES ('$iddomain', '$name','$content','$type','$ttl','$prio','$now')";
+ $sql = "INSERT INTO records (domain_id, name, content, type, ttl, prio, change_date) VALUES (".$db->quote($iddomain).", ".$db->quote($name).", ".$db->quote($content).", ".$db->quote($type).", ".$db->quote($ttl).", ".$db->quote($prio).", ".$db->quote($now).")";
$db->query($sql);
}
}
@@ -466,9 +466,9 @@
// See if the ID is numeric.
if (is_numeric($id))
{
- $db->query("DELETE FROM zones WHERE domain_id=$id");
- $db->query("DELETE FROM domains WHERE id=$id");
- $db->query("DELETE FROM records WHERE domain_id=$id");
+ $db->query("DELETE FROM zones WHERE domain_id=".$db->quote($id));
+ $db->query("DELETE FROM domains WHERE id=".$db->quote($id));
+ $db->query("DELETE FROM records WHERE domain_id=".$db->quote($id));
// Nothing in the database. If the delete deleted 0 records it means the id is just not there.
// therefore the is no need to check the affectedRows values.
return true;
@@ -489,7 +489,7 @@
global $db;
if (is_numeric($id))
{
- $result = $db->query("SELECT domain_id FROM records WHERE id=$id");
+ $result = $db->query("SELECT domain_id FROM records WHERE id=".$db->quote($id));
$r = $result->fetchRow();
return $r["domain_id"];
}
@@ -567,9 +567,9 @@
if (is_numeric($domain) && is_numeric($newowner) && is_valid_user($newowner))
{
- if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=$newowner AND domain_id=$domain") == 0)
+ if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($newowner)." AND domain_id=".$db->quote($domain)) == 0)
{
- $db->query("INSERT INTO zones (domain_id, owner) VALUES($domain, $newowner)");
+ $db->query("INSERT INTO zones (domain_id, owner) VALUES(".$db->quote($domain).", ".$db->quote($newowner).")");
}
return true;
}
@@ -583,9 +583,9 @@
function delete_owner($domain, $owner)
{
global $db;
- if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=$owner AND domain_id=$domain") != 0)
+ if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($owner)." AND domain_id=".$db->quote($domain)) != 0)
{
- $db->query("DELETE FROM zones WHERE owner=$owner AND domain_id=$domain");
+ $db->query("DELETE FROM zones WHERE owner=".$db->quote($owner)." AND domain_id=".$db->quote($domain));
}
return true;
}
@@ -621,7 +621,7 @@
// Get the domain id.
$domid = recid_to_domid($recid);
- $result = $db->query("select id, type from records where domain_id=$recid and type='$type'");
+ $result = $db->query("select id, type from records where domain_id=".$db->quote($recid)." and type=".$db->quote($type));
return $result;
}
@@ -635,7 +635,7 @@
global $db;
if (is_numeric($id))
{
- $result = $db->query("SELECT type FROM records WHERE id=$id");
+ $result = $db->query("SELECT type FROM records WHERE id=".$db->quote($id));
$r = $result->fetchRow();
return $r["type"];
}
@@ -655,7 +655,7 @@
global $db;
if (is_numeric($id))
{
- $result = $db->query("SELECT name FROM records WHERE id=$id");
+ $result = $db->query("SELECT name FROM records WHERE id=".$db->quote($id));
$r = $result->fetchRow();
return $r["name"];
}
@@ -685,7 +685,7 @@
domains.name AS name
FROM domains
LEFT JOIN zones ON domains.id=zones.domain_id
- WHERE owner=$id");
+ WHERE owner=".$db->quote($id));
// Process the output.
@@ -710,7 +710,7 @@
// want to see the zones he has not full access to
// as well.
- $andnot.=$r["domain_id"];
+ $andnot.=$db->quote($r["domain_id"]);
if ($i < $numrows) {
$andnot.=",";
$i++;
@@ -730,10 +730,10 @@
records.domain_id,
domains.name
FROM records, record_owners, domains
- WHERE record_owners.user_id = '".$id."'
+ WHERE record_owners.user_id = ".$db->quote($id)."
AND records.id = record_owners.record_id
AND domains.id = records.domain_id
- ".$andnot.";");
+ ".$andnot);
// Add these zones to the array as well.
@@ -768,7 +768,7 @@
}
if (is_numeric($id))
{
- $result = $db->query("SELECT name FROM domains WHERE id=$id");
+ $result = $db->query("SELECT name FROM domains WHERE id=".$db->quote($id));
if ($result->numRows() == 1)
{
$r = $result->fetchRow();
@@ -810,9 +810,9 @@
count(record_owners.id) AS aantal
FROM domains, users, record_owners, records
- WHERE record_owners.user_id = ".$_SESSION["userid"]."
+ WHERE record_owners.user_id = ".$db->quote($_SESSION["userid"])."
AND record_owners.record_id = records.id
- AND records.domain_id = ".$id."
+ AND records.domain_id = ".$db->quote($id)."
GROUP BY domains.name, owner, users.fullname, domains.type
ORDER BY domains.name";
@@ -883,7 +883,7 @@
}
if (is_valid_domain($domain))
{
- $result = $db->query("SELECT id FROM domains WHERE name='$domain'");
+ $result = $db->query("SELECT id FROM domains WHERE name=".$db->quote($domain));
if ($result->numRows() == 0)
{
return false;
@@ -932,7 +932,7 @@
}
if (is_valid_ip($master_ip) || is_valid_ip6($master_ip))
{
- $result = $db->query("SELECT ip FROM supermasters WHERE ip = '$master_ip'");
+ $result = $db->query("SELECT ip FROM supermasters WHERE ip = ".$db->quote($master_ip));
if ($result->numRows() == 0)
{
return false;
@@ -961,7 +961,7 @@
global $sql_regexp;
if((!level(5) || !$userid) && !level(10) && !level(5))
{
- $add = " AND zones.owner=".$_SESSION["userid"];
+ $add = " AND zones.owner=".$db->quote($_SESSION["userid"]);
}
else
{
@@ -977,15 +977,17 @@
LEFT JOIN records ON records.domain_id=domains.id
WHERE 1=1 $add ";
if ($letterstart!=all && $letterstart!=1) {
- $sqlq.=" AND substring(domains.name,1,1) ".$sql_regexp." '^".$letterstart."' ";
+ $sqlq.=" AND substring(domains.name,1,1) ".$sql_regexp." ".$db->quote("^".$letterstart);
} elseif ($letterstart==1) {
$sqlq.=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'";
}
$sqlq.=" GROUP BY domainname, domains.id
- ORDER BY domainname
- LIMIT $rowamount OFFSET $rowstart";
+ ORDER BY domainname";
+ $db->setLimit($rowstart, $rowamount);
$result = $db->query($sqlq);
+ // Set limit needs to be called before each query
+ $db->setLimit($rowstart, $rowamount);
$result2 = $db->query($sqlq);
$numrows = $result2->numRows();
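Review bot: Both new `$db->setLimit($rowstart, $rowamount)` calls pass the arguments in the wrong order: MDB2's `setLimit()` takes `($limit, $offset)`, whereas the removed `LIMIT $rowamount OFFSET $rowstart` made `$rowamount` the limit and `$rowstart` the offset. As written, paging reads `$rowstart` rows starting at `$rowamount`, which only happens to work when the two are equal or `$rowstart` is 0 (which MDB2 appears to treat as no limit at all); both calls should be `$db->setLimit($rowamount, $rowstart);`. The same swapped call is added in the two hunks around old lines 1199 and 1227 of this file and in `show_users` in inc/users.inc.php. The enclosing function starts and ends outside the hunk.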
@@ -993,7 +995,7 @@
if ($numrows > 0) {
$andnot=" AND NOT domains.id IN (";
while($r = $result2->fetchRow()) {
- $andnot.=$r["domain_id"];
+ $andnot.=$db->quote($r["domain_id"]);
if ($i < $numrows) {
$andnot.=",";
$i++;
@@ -1012,12 +1014,12 @@
count(DISTINCT record_owners.record_id) AS aantal,
domains.name AS domainname
FROM domains, record_owners,records, zones
- WHERE record_owners.user_id = '".$_SESSION["userid"]."'
+ WHERE record_owners.user_id = ".$db->quote($_SESSION["userid"])."
AND (records.id = record_owners.record_id
AND domains.id = records.domain_id)
$andnot
- AND domains.name LIKE '".$letterstart."%'
- AND (zones.domain_id != records.domain_id AND zones.owner!='".$_SESSION["userid"]."')
+ AND domains.name LIKE ".$db->quote($letterstart."%")."
+ AND (zones.domain_id != records.domain_id AND zones.owner!=".$db->quote($_SESSION["userid"]).")
GROUP BY domainname, domains.id
ORDER BY domainname";
@@ -1029,12 +1031,12 @@
count(DISTINCT record_owners.record_id) AS aantal,
domains.name AS domainname
FROM domains, record_owners,records, zones
- WHERE record_owners.user_id = '".$_SESSION["userid"]."'
+ WHERE record_owners.user_id = ".$db->quote($_SESSION["userid"])."
AND (records.id = record_owners.record_id
AND domains.id = records.domain_id)
$andnot
AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'
- AND (zones.domain_id != records.domain_id AND zones.owner!='".$_SESSION["userid"]."')
+ AND (zones.domain_id != records.domain_id AND zones.owner!=".$db->quote($_SESSION["userid"]).")
GROUP BY domainname, domains.id
ORDER BY domainname";
@@ -1109,14 +1111,14 @@
if((!level(5) || !$userid) && !level(10) && !level(5))
{
// First select the zones for which we have ownership on one or more records.
- $query = 'SELECT records.domain_id FROM records, record_owners WHERE user_id = '.$_SESSION['userid'].' AND records.id = record_owners.record_id';
+ $query = 'SELECT records.domain_id FROM records, record_owners WHERE user_id = '.$db->quote($_SESSION['userid']).' AND records.id = record_owners.record_id';
$result = $db->query($query);
$zones = array();
if (!PEAR::isError($result)) {
$zones = $result->fetchCol();
}
- $add = " AND (zones.owner=".$_SESSION["userid"];
+ $add = " AND (zones.owner=".$db->quote($_SESSION["userid"]);
if (count($zones) > 0) {
$add .= ' OR zones.domain_id IN ('.implode(',', $zones).') ';
@@ -1129,7 +1131,7 @@
}
if ($letterstart!=all && $letterstart!=1) {
- $add .=" AND domains.name LIKE '".$letterstart."%' ";
+ $add .=" AND domains.name LIKE ".$db->quote($letterstart."%")." ";
} elseif ($letterstart==1) {
$add .=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'";
}
@@ -1156,7 +1158,7 @@
global $db;
if (is_numeric($id))
{
- $result = $db->query("SELECT id, domain_id, name, type, content, ttl, prio, change_date FROM records WHERE id=$id");
+ $result = $db->query("SELECT id, domain_id, name, type, content, ttl, prio, change_date FROM records WHERE id=".$db->quote($id));
if($result->numRows() == 0)
{
return -1;
@@ -1199,14 +1201,13 @@
if (is_numeric($id))
{
if ($_SESSION[$id."_ispartial"] == 1) {
-
+ $db->setLimit($rowstart, $rowamount);
$result = $db->query("SELECT record_owners.record_id as id
FROM record_owners,domains,records
- WHERE record_owners.user_id = ".$_SESSION["userid"]."
+ WHERE record_owners.user_id = ".$db->quote($_SESSION["userid"])."
AND record_owners.record_id = records.id
- AND records.domain_id = ".$id."
- GROUP bY record_owners.record_id
- LIMIT $rowamount OFFSET $rowstart");
+ AND records.domain_id = ".$db->quote($id)."
+ GROUP bY record_owners.record_id");
$ret = array();
if($result->numRows() == 0)
@@ -1227,8 +1228,8 @@
}
} else {
-
- $result = $db->query("SELECT id FROM records WHERE domain_id=$id LIMIT $rowamount OFFSET $rowstart");
+ $db->setLimit($rowstart, $rowamount);
+ $result = $db->query("SELECT id FROM records WHERE domain_id=".$db->quote($id));
$ret = array();
if($result->numRows() == 0)
{
@@ -1259,11 +1260,11 @@
function get_users_from_domain_id($id)
{
global $db;
- $result = $db->queryCol("SELECT owner FROM zones WHERE domain_id=$id");
+ $result = $db->queryCol("SELECT owner FROM zones WHERE domain_id=".$db->quote($id));
$ret = array();
foreach($result as $uid)
{
- $fullname = $db->queryOne("SELECT fullname FROM users WHERE id=$uid");
+ $fullname = $db->queryOne("SELECT fullname FROM users WHERE id=".$db->quote($uid));
$ret[] = array(
"id" => $uid,
"fullname" => $fullname
@@ -1281,8 +1282,8 @@
{
$sqlq = "SELECT *
FROM records
- WHERE content LIKE '".$question."'
- OR name LIKE '".$question."'
+ WHERE content LIKE ".$db->quote($question)."
+ OR name LIKE ".$db->quote($question)."
ORDER BY type DESC";
$result = $db->query($sqlq);
$ret_r = array();
@@ -1307,7 +1308,7 @@
FROM domains, records, zones
WHERE domains.id = records.domain_id
AND zones.domain_id = domains.id
- AND domains.name LIKE '".$question."'
+ AND domains.name LIKE ".$db->quote($question)."
GROUP BY domains.id, domains.name, zones.owner, records.domain_id";
$result = $db->query($sqlq);
$ret_d = array();
@@ -1337,7 +1338,7 @@
global $db;
if (is_numeric($id))
{
- $type = $db->queryOne("SELECT type FROM domains WHERE id = '".$id."'");
+ $type = $db->queryOne("SELECT type FROM domains WHERE id = ".$db->quote($id));
if($type == "")
{
$type = "NATIVE";
@@ -1355,7 +1356,7 @@
global $db;
if (is_numeric($id))
{
- $slave_master = $db->queryOne("SELECT master FROM domains WHERE type = 'SLAVE' and id = '".$id."'");
+ $slave_master = $db->queryOne("SELECT master FROM domains WHERE type = 'SLAVE' and id = ".$db->quote($id));
return $slave_master;
}
else
@@ -1377,7 +1378,7 @@
{
$add = ", master=''";
}
- $result = $db->query("UPDATE domains SET type = '" .$type. "'".$add." WHERE id = '".$id."'");
+ $result = $db->query("UPDATE domains SET type = " .$db->quote($type). $add." WHERE id = ".$db->quote($id));
}
else
{
@@ -1392,7 +1393,7 @@
{
if (is_valid_ip($slave_master) || is_valid_ip6($slave_master))
{
- $result = $db->query("UPDATE domains SET master = '" .$slave_master. "' WHERE id = '".$id."'");
+ $result = $db->query("UPDATE domains SET master = " .$db->quote($slave_master). " WHERE id = ".$db->quote($id));
}
else
{
diff -r dab0e9deeb67 -r ce1c4d5e1576 inc/toolkit.inc.php
--- a/inc/toolkit.inc.php Thu Jan 03 23:04:46 2008 +0000
+++ b/inc/toolkit.inc.php Sat Jan 05 16:25:49 2008 +0000
@@ -158,21 +158,22 @@
if((!level(5) || !$userid) && !level(10) && !level(5))
{
// First select the zones for which we have ownership on one or more records.
- $query = 'SELECT records.domain_id FROM records, record_owners WHERE user_id = '.$_SESSION['userid'].' AND records.id = record_owners.record_id';
+ $query = 'SELECT records.domain_id FROM records, record_owners WHERE user_id = '.$db->quote($_SESSION['userid']).' AND records.id = record_owners.record_id';
$result = $db->query($query);
$zones = array();
if (!PEAR::isError($result)) {
$zones = $result->fetchCol();
}
- $sqlq .= " AND (zones.owner=".$_SESSION["userid"];
+ $sqlq .= " AND (zones.owner=".$db->quote($_SESSION["userid"]);
if (count($zones) > 0) {
$sqlq .= ' OR zones.domain_id IN ('.implode(',', $zones).') ';
}
$sqlq .= ')';
}
- $sqlq .= " AND substring(domains.name,1,1) ".$sql_regexp." '^".$letter."' LIMIT 1";
+ $sqlq .= " AND substring(domains.name,1,1) ".$sql_regexp." ".$db->quote("^".$letter);
+ $db->setLimit(1);
$result = $db->query($sqlq);
$numrows = $result->numRows();
if ( $numrows == "1" )
@@ -283,8 +284,9 @@
global $db;
if (is_numeric($zoneid) && is_numeric($_SESSION["level"]))
{
- $result = $db->query("SELECT id FROM zones WHERE owner=".$_SESSION["userid"]." AND domain_id=$zoneid");
- $result_extra = $db->query("SELECT record_owners.id FROM record_owners,records WHERE record_owners.user_id=".$_SESSION["userid"]." AND records.domain_id = $zoneid AND records.id = record_owners.record_id LIMIT 1");
+ $result = $db->query("SELECT id FROM zones WHERE owner=".$db->quote($_SESSION["userid"])." AND domain_id=".$db->quote($zoneid));
+ $db->setLimit(1);
+ $result_extra = $db->query("SELECT record_owners.id FROM record_owners,records WHERE record_owners.user_id=".$db->quote($_SESSION["userid"])." AND records.domain_id = ".$db->quote($zoneid)." AND records.id = record_owners.record_id");
if ($result->numRows() == 1 || $_SESSION["level"] >= 5)
{
diff -r dab0e9deeb67 -r ce1c4d5e1576 inc/users.inc.php
--- a/inc/users.inc.php Thu Jan 03 23:04:46 2008 +0000
+++ b/inc/users.inc.php Sat Jan 05 16:25:49 2008 +0000
@@ -29,10 +29,11 @@
function show_users($id='',$rowstart=0,$rowamount=9999999)
{
global $db;
+ $add = '';
if(is_numeric($id))
{
//When a user id is given, it is excluded from the userlist returned.
- $add = " WHERE users.id!=$id";
+ $add = " WHERE users.id!=".$db->quote($id);
}
// Make a huge query.
@@ -54,10 +55,10 @@
users.level,
users.active
ORDER BY
- users.fullname
- LIMIT $rowamount OFFSET $rowstart";
+ users.fullname";
// Execute the huge query.
+ $db->setLimit($rowstart, $rowamount);
$result = $db->query($sqlq);
$ret = array();
$retcount = 0;
@@ -87,7 +88,7 @@
global $db;
if(is_numeric($id))
{
- $result = $db->query("SELECT id FROM users WHERE id=$id");
+ $result = $db->query("SELECT id FROM users WHERE id=".$db->quote($id));
if ($result->numRows() == 1)
{
return true;
@@ -134,7 +135,7 @@
function user_exists($user)
{
global $db;
- $result = $db->query("SELECT id FROM users WHERE username='$user'");
+ $result = $db->query("SELECT id FROM users WHERE username=".$db->quote($user));
if ($result->numRows() == 0)
{
return false;
@@ -159,7 +160,7 @@
global $db;
if (is_numeric($id))
{
- $result = $db->query("SELECT id, username, fullname, email, description, level, active from users where id=$id");
+ $result = $db->query("SELECT id, username, fullname, email, description, level, active from users where id=".$db->quote($id));
$r = $result->fetchRow();
return $r;
}
@@ -183,8 +184,8 @@
}
if (is_numeric($id))
{
- $db->query("DELETE FROM users WHERE id=$id");
- $db->query("DELETE FROM zones WHERE owner=$id");
+ $db->query("DELETE FROM users WHERE id=".$db->quote($id));
+ $db->query("DELETE FROM zones WHERE owner=".$db->quote($id));
return true;
// No need to check the affected rows. If the affected rows would be 0,
// the user isnt in the dbase, just as we want.
@@ -209,15 +210,12 @@
}
if (!user_exists($user))
{
- // Might have to be changed.
- // TODO probably.
- $description = mysql_escape_string($description);
+ if (!is_valid_email($email))
+ {
+ error(ERR_INV_EMAIL);
+ }
- // Clean up the fullname
- $fullname = mysql_escape_string($fullname);
- is_valid_email($email);
-
- $db->query("INSERT INTO users (username, password, fullname, email, description, level, active) VALUES ('$user', '" . md5($password) . "', '$fullname', '$email', '$description', '$level', '$active')");
+ $db->query("INSERT INTO users (username, password, fullname, email, description, level, active) VALUES (".$db->quote($user).", '" . md5($password) . "', ".$db->quote($fullname).", ".$db->quote($email).", ".$db->quote($description).", ".$db->quote($level).", ".$db->quote($active).")");
return true;
}
else
@@ -238,23 +236,22 @@
error(ERR_LEVEL_10);
}
- // Might have to be changed.
- // TODO
- $description = mysql_escape_string($description);
- $fullname = mysql_escape_string($fullname);
- is_valid_email($email);
+ if (!is_valid_email($email))
+ {
+ error(ERR_INV_EMAIL);
+ }
- $sqlquery = "UPDATE users set username='$user', fullname='$fullname', email='$email', level=$level, description='$description', active=$active ";
+ $sqlquery = "UPDATE users set username=".$db->quote($user).", fullname=".$db->quote($fullname).", email=".$db->quote($email).", level=".$db->quote($level).", description=".$db->quote($description).", active=".$db->quote($active);
if($password != "")
{
$sqlquery .= ", password= '" . md5($password) . "' ";
}
- $sqlquery .= "where id=$id" ;
+ $sqlquery .= " WHERE id=".$db->quote($id) ;
// Search the username that right now goes with this ID.
- $result = $db->query("SELECT username from users where id=$id");
+ $result = $db->query("SELECT username from users where id=".$db->quote($id));
$r = array();
$r = $result->fetchRow();
@@ -268,7 +265,7 @@
// Its not.. so the user wants to change.
// Find if there is an id that has the wished username.
- $otheruser = $db->query("SELECT id from users where username='$user'");
+ $otheruser = $db->query("SELECT id from users where username=".$db->query($user));
if($otheruser->numRows() > 0)
{
error(ERR_USER_EXIST);
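Review bot: The `+` line calls `$db->query($user)` where `$db->quote($user)` was intended, so the submitted username is executed as its own SQL statement and the returned result/error object is then concatenated into the `SELECT`. That both breaks the duplicate-username check and creates an injection point worse than the interpolation it replaces; the line should read `$otheruser = $db->query("SELECT id from users where username=".$db->quote($user));`. The enclosing function (presumably the user-update routine from the previous hunk) continues outside the hunk.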
@@ -299,7 +296,7 @@
}
// Retrieve the users password.
- $result = $db->query("SELECT password, id FROM users WHERE username='". $_SESSION["userlogin"] ."'");
+ $result = $db->query("SELECT password, id FROM users WHERE username=".$db->quote($_SESSION["userlogin"]));
$rinfo = $result->fetchRow();
// Check the current password versus the database password and execute the update.
@@ -327,7 +324,7 @@
global $db;
if (is_numeric($id))
{
- $result = $db->query("SELECT fullname FROM users WHERE id=$id");
+ $result = $db->query("SELECT fullname FROM users WHERE id=".$db->quote($id));
$r = $result->fetchRow();
return $r["fullname"];
}
@@ -347,7 +344,7 @@
global $db;
if (is_numeric($id))
{
- $result = $db->query("SELECT fullname FROM users WHERE id=$id");
+ $result = $db->query("SELECT fullname FROM users WHERE id=".$db->quote($id));
if ($result->numRows() == 1)
{
$r = $result->fetchRow();
@@ -373,7 +370,7 @@
global $db;
if (is_numeric($id))
{
- $result = $db->query("SELECT users.id, users.fullname FROM users, zones WHERE zones.domain_id=$id AND zones.owner=users.id ORDER by fullname");
+ $result = $db->query("SELECT users.id, users.fullname FROM users, zones WHERE zones.domain_id=".$db->quote($id)." AND zones.owner=users.id ORDER by fullname");
if ($result->numRows() == 0)
{
return "";