Browse code

Weitere Umstellungen auf prepared statements

Bernd Wurst authored on03/02/2014 20:49:24
Showing7 changed files
... ...
@@ -39,6 +39,13 @@ class DB extends PDO {
39 39
   */
40 40
   function query($stmt, $params = NULL) {
41 41
     if (is_array($params)) {
42
+      if (config("enable_debug")) {
43
+        foreach (array_values($params) as $p) {
44
+          if ($p === '') {
45
+            warning("Potential bug, empty string found in database parameters");
46
+          }
47
+        }
48
+      }
42 49
       $response = parent::prepare($stmt);
43 50
       $response->execute($params);
44 51
       return $response;
... ...
@@ -71,8 +71,7 @@ if (isset($_GET['action']) && $_GET['action'] == 'save')
71 71
     $error = check_valid($acc);
72 72
     if ($error != "")
73 73
     {
74
-      input_error($error);
75
-      output("");
74
+      system_failure($error);
76 75
     }
77 76
     else
78 77
     {
... ...
@@ -77,9 +77,9 @@ function change_mailaccount($id, $arr)
77 77
   if (isset($arr['mailbox'])) {
78 78
     array_push($conditions, "`maildir`=:maildir");
79 79
     if ($arr['mailbox'] == '')
80
-      $values[":mailbox"] = NULL;
80
+      $values[":maildir"] = NULL;
81 81
     else
82
-      $values[":mailbox"] = $arr['mailbox'];
82
+      $values[":maildir"] = $arr['mailbox'];
83 83
   }
84 84
 
85 85
   if (isset($arr['password']))
... ...
@@ -131,7 +131,7 @@ function create_mailaccount($arr)
131 131
     if ($arr['mailbox'] == '')
132 132
       $values[':maildir'] = NULL;
133 133
     else
134
-      $values[':maildir']= $arr['mailbox'];
134
+      $values[':maildir'] = $arr['mailbox'];
135 135
 
136 136
 
137 137
   if (isset($arr['password']))
... ...
@@ -17,7 +17,7 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
17 17
 function whitelist_entries() 
18 18
 {
19 19
 	$uid = (int) $_SESSION['userinfo']['uid'];
20
-	$res = db_query("SELECT id,local,domain,date,expire FROM mail.greylisting_manual_whitelist WHERE uid={$uid};");
20
+	$res = db_query("SELECT id,local,domain,date,expire FROM mail.greylisting_manual_whitelist WHERE uid=?", array($uid));
21 21
 	$return = array();
22 22
 	while ($line = $res->fetch())
23 23
 		array_push($return, $line);
... ...
@@ -27,9 +27,9 @@ function whitelist_entries()
27 27
 
28 28
 function get_whitelist_details($id)
29 29
 {
30
-	$id = (int) $id;
31
-	$uid = (int) $_SESSION['userinfo']['uid'];
32
-	$res = db_query("SELECT id,local,domain,date,expire FROM mail.greylisting_manual_whitelist WHERE uid={$uid} AND id={$id};");
30
+  $args = array(":id" => $id,
31
+                ":uid" => $_SESSION['userinfo']['uid']);
32
+	$res = db_query("SELECT id,local,domain,date,expire FROM mail.greylisting_manual_whitelist WHERE uid=:uid AND id=:id", $args);
33 33
 	if ($res->rowCount() != 1)
34 34
 		system_failure('Kann diesen Eintrag nicht finden');
35 35
 	return $res->fetch();
... ...
@@ -42,7 +42,7 @@ function delete_from_whitelist($id)
42 42
 	// Check if the ID is valid: This will die if not.
43 43
 	$entry = get_whitelist_details($id);
44 44
 
45
-	db_query("DELETE FROM mail.greylisting_manual_whitelist WHERE id={$id} LIMIT 1;");
45
+	db_query("DELETE FROM mail.greylisting_manual_whitelist WHERE id=?", array($id));
46 46
 }
47 47
 
48 48
 
... ...
@@ -55,8 +55,9 @@ function valid_entry($local, $domain)
55 55
 			system_failure('Diese E-Mail-Adresse gehört Ihnen nicht!');
56 56
 		return true;
57 57
 	}
58
-	$d = db_escape_string($domain);
59
-	$res = db_query("SELECT id FROM mail.v_domains WHERE domainname='{$d}' AND user={$_SESSION['userinfo']['uid']} LIMIT 1");
58
+  $args = array(":domain" => $domain,
59
+                ":uid" => $_SESSION['userinfo']['uid']);
60
+	$res = db_query("SELECT id FROM mail.v_domains WHERE domainname=:domain AND user=:uid", $args);
60 61
 	if ($res->rowCount() != 1)
61 62
 		system_failure('Diese domain gehört Ihnen nicht!');
62 63
 	return true;
... ...
@@ -66,17 +67,19 @@ function valid_entry($local, $domain)
66 67
 function new_whitelist_entry($local, $domain, $minutes)
67 68
 {
68 69
 	valid_entry($local, $domain);
69
-	$uid = (int) $_SESSION['userinfo']['uid'];
70
-	$local = maybe_null($local);
71
-	$domain = db_escape_string($domain);
70
+  $args = array(":uid" => $_SESSION['userinfo']['uid'],
71
+                ":local" => $local,
72
+                ":domain" => $domain);
72 73
 	
73
-	$expire = '';
74
-	if ($minutes == 'none')
74
+	$expire = 'NULL';
75
+	if ($minutes == 'none') {
75 76
 		$expire = 'NULL';
76
-	else
77
-		$expire = "NOW() + INTERVAL ". (int) $minutes ." MINUTE";
77
+  }	else {
78
+    $args[':minutes'] = $minutes;
79
+		$expire = "NOW() + INTERVAL :minutes MINUTE";
80
+  }
78 81
 	db_query("INSERT INTO mail.greylisting_manual_whitelist (local,domain,date,expire,uid) VALUES ".
79
-	         "({$local}, '{$domain}', NOW(), {$expire}, $uid);");
82
+	         "(:local, :domain, NOW(), {$expire}, :uid)", $args);
80 83
 }
81 84
 
82 85
 
... ...
@@ -22,7 +22,7 @@ require_once('class/domain.php');
22 22
 function get_jabber_accounts() {
23 23
   require_role(ROLE_CUSTOMER);
24 24
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
25
-  $result = db_query("SELECT id, `create`, created, lastactivity, local, domain FROM jabber.accounts WHERE customerno='$customerno' AND `delete`=0;");
25
+  $result = db_query("SELECT id, `create`, created, lastactivity, local, domain FROM jabber.accounts WHERE customerno=? AND `delete`=0", array($customerno));
26 26
   $accounts = array();
27 27
   if (@$result->rowCount() > 0)
28 28
     while ($acc = @$result->fetch())
... ...
@@ -35,11 +35,10 @@ function get_jabber_accounts() {
35 35
 function get_jabberaccount_details($id)
36 36
 {
37 37
   require_role(ROLE_CUSTOMER);
38
-  $customerno = (int) $_SESSION['customerinfo']['customerno'];
39
-
40
-  $id = (int) $id;
38
+  $args = array(":customerno" => $_SESSION['customerinfo']['customerno'],
39
+                ":id" => $id);
41 40
 
42
-  $result = db_query("SELECT id, local, domain FROM jabber.accounts WHERE customerno={$customerno} AND id={$id} LIMIT 1");
41
+  $result = db_query("SELECT id, local, domain FROM jabber.accounts WHERE customerno=:customerno AND id=:id", $args);
43 42
   if ($result->rowCount() != 1)
44 43
     system_failure("Invalid account");
45 44
   $data = $result->fetch();
... ...
@@ -69,20 +68,20 @@ function valid_jabber_password($pass)
69 68
 function create_jabber_account($local, $domain, $password)
70 69
 {
71 70
   require_role(ROLE_CUSTOMER);
72
-  $customerno = (int) $_SESSION['customerinfo']['customerno'];
73
-
74
-  $local = db_escape_string( filter_input_username($local) );
75
-  $domain = (int) $domain;
71
+  $data = array(":customerno" => $_SESSION['customerinfo']['customerno'],
72
+                ":local" => filter_input_username($local),
73
+                ":domain" => $domain);
76 74
   if (! valid_jabber_password($password))
77 75
   {
78 76
     input_error('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
79 77
     return;
80 78
   }
81
-  $password = db_escape_string( $password );
79
+  $data[':password'] = $password;
82 80
   
83 81
   if ($domain > 0)
84 82
   {
85
-    $result = db_query("SELECT id FROM kundendaten.domains WHERE kunde={$customerno} AND jabber=1 AND id={$domain};");
83
+    $args = array(":domain" => $data[":domain"], ":customerno" => $data[":customerno"]);
84
+    $result = db_query("SELECT id FROM kundendaten.domains WHERE kunde=:customerno AND jabber=1 AND id=:domain", $args);
86 85
     if ($result->rowCount() == 0)
87 86
     {
88 87
       logger(LOG_WARNING, "modules/jabber/include/jabberaccounts", "jabber", "attempt to create account for invalid domain »{$domain}«");
... ...
@@ -90,20 +89,22 @@ function create_jabber_account($local, $domain, $password)
90 89
     }
91 90
   }
92 91
 
93
-  $domainquery = "domain={$domain}";
92
+  $args = array(":domain" => $data[":domain"], ":local" => $data[":local"]);
93
+  $domainquery = "domain=:domain";
94 94
   if ($domain == 0)
95 95
   {
96
-    $domain = 'NULL';
96
+    unset($args[":domain"]);
97
+    $data[":domain"] = NULL;
97 98
     $domainquery = 'domain IS NULL'; 
98 99
   }
99
-  $result = db_query("SELECT id FROM jabber.accounts WHERE local='{$local}' AND {$domainquery}");
100
+  $result = db_query("SELECT id FROM jabber.accounts WHERE local=:local AND {$domainquery}", $args);
100 101
   if ($result->rowCount() > 0)
101 102
   {
102 103
     logger(LOG_WARNING, "modules/jabber/include/jabberaccounts", "jabber", "attempt to create already existing account »{$local}@{$domain}«");
103 104
     system_failure("Diesen Account gibt es bereits!");
104 105
   }
105 106
 
106
-  db_query("INSERT INTO jabber.accounts (customerno,local,domain,password) VALUES ({$customerno}, '{$local}', {$domain}, '{$password}');");
107
+  db_query("INSERT INTO jabber.accounts (customerno,local,domain,password) VALUES (:customerno, :local, :domain, :password);", $data);
107 108
   logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "created account »{$local}@{$domain}«");
108 109
 }
109 110
 
... ...
@@ -112,16 +113,16 @@ function create_jabber_account($local, $domain, $password)
112 113
 function change_jabber_password($id, $password)
113 114
 {
114 115
   require_role(ROLE_CUSTOMER);
115
-  $customerno = (int) $_SESSION['customerinfo']['customerno'];
116
-  $id = (int) $id;
117 116
   if (! valid_jabber_password($password))
118 117
   {
119 118
     input_error('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
120 119
     return;
121 120
   }
122
-  $password = db_escape_string( $password );
121
+  $args = array(":customerno" => $_SESSION['customerinfo']['customerno'],
122
+                ":id" => $id,
123
+                ":password" => $password);
123 124
   
124
-  db_query("UPDATE jabber.accounts SET password='{$password}' WHERE customerno={$customerno} AND id={$id} LIMIT 1");
125
+  db_query("UPDATE jabber.accounts SET password=:password WHERE customerno=:customerno AND id=:id", $args);
125 126
   logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "changed password for account  »{$id}«");
126 127
 }
127 128
 
... ...
@@ -130,11 +131,11 @@ function change_jabber_password($id, $password)
130 131
 function delete_jabber_account($id)
131 132
 {
132 133
   require_role(ROLE_CUSTOMER);
133
-  $customerno = (int) $_SESSION['customerinfo']['customerno'];
134
-
135
-  $id = (int) $id;
134
+  
135
+  $args = array(":customerno" => $_SESSION['customerinfo']['customerno'],
136
+                ":id" => $id);
136 137
 
137
-  db_query("UPDATE jabber.accounts SET `delete`=1 WHERE customerno={$customerno} AND id={$id} LIMIT 1");
138
+  db_query("UPDATE jabber.accounts SET `delete`=1 WHERE customerno=:customerno AND id=:id", $args);
138 139
   logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "deleted account »{$id}«");
139 140
 }
140 141
 
... ...
@@ -143,7 +144,7 @@ function new_jabber_domain($id)
143 144
 {
144 145
   $d = new Domain( (int) $id );
145 146
   $d->ensure_customerdomain();
146
-  db_query("UPDATE kundendaten.domains SET jabber=2 WHERE jabber=0 AND id={$d->id} LIMIT 1");
147
+  db_query("UPDATE kundendaten.domains SET jabber=2 WHERE jabber=0 AND id=?", array($d->id));
147 148
 }
148 149
 
149 150
 
... ...
@@ -22,7 +22,7 @@ require_once('inc/security.php');
22 22
 function get_lists()
23 23
 {
24 24
   $uid = (int) $_SESSION['userinfo']['uid'];
25
-  $result = db_query("SELECT id, status, listname, fqdn, admin, archivesize FROM mail.v_mailman_lists WHERE owner={$uid};");
25
+  $result = db_query("SELECT id, status, listname, fqdn, admin, archivesize FROM mail.v_mailman_lists WHERE owner=?", array($uid));
26 26
   $ret = array();
27 27
   while ($list = $result->fetch())
28 28
     $ret[] = $list;
... ...
@@ -33,9 +33,9 @@ function get_lists()
33 33
 
34 34
 function get_list($id)
35 35
 {
36
-  $id = (int) $id;
37
-  $uid = (int) $_SESSION['userinfo']['uid'];
38
-  $result = db_query("SELECT id, status, listname, fqdn, admin, archivesize FROM mail.v_mailman_lists WHERE owner={$uid} AND id={$id};");
36
+  $args = array(":id" => $id,
37
+                ":uid" => $_SESSION['userinfo']['uid']);
38
+  $result = db_query("SELECT id, status, listname, fqdn, admin, archivesize FROM mail.v_mailman_lists WHERE owner=:uid AND id=:id", $args);
39 39
   if ($result->rowCount() < 1)
40 40
     system_failure('Die gewünschte Mailingliste konnte nicht gefunden werden');
41 41
   $list = $result->fetch();
... ...
@@ -47,26 +47,28 @@ function get_list($id)
47 47
 
48 48
 function delete_list($id)
49 49
 {
50
-  $uid = (int) $_SESSION['userinfo']['uid'];
51
-  $id = (int) $id;
52
-  db_query("UPDATE mail.mailman_lists SET status='delete' WHERE owner={$uid} AND id={$id};");
50
+  $args = array(":id" => $id,
51
+                ":uid" => $_SESSION['userinfo']['uid']);
52
+  db_query("UPDATE mail.mailman_lists SET status='delete' WHERE owner=:uid AND id=:id", $args);
53 53
 }
54 54
 
55 55
 
56 56
 function create_list($listname, $maildomain, $admin)
57 57
 {
58 58
   verify_input_username($listname);
59
-  $maildomain = maybe_null( (int) $maildomain );
60
-  $owner = (int) $_SESSION['userinfo']['uid'];
61 59
   verify_input_general($admin);
62 60
   if (! check_emailaddr($admin))
63 61
     system_failure('Der Verwalter muss eine gültige E-Mail-Adresse sein ('.$admin.').');
64
-  $admin = db_escape_string($admin);
65
-  $result = db_query("SELECT id FROM mail.mailman_lists WHERE listname='{$listname}'");
62
+  $result = db_query("SELECT id FROM mail.mailman_lists WHERE listname=?", array($listname));
66 63
   if ($result->rowCount() > 0)
67 64
     system_failure('Eine Liste mit diesem Namen existiert bereits (unter dieser oder einer anderen Domain). Jeder Listenname kann nur einmal verwendet werden.');
68 65
 
69
-  db_query("INSERT INTO mail.mailman_lists (status, listname, maildomain, owner, admin) VALUES ('pending', '{$listname}', {$maildomain}, {$owner}, '{$admin}');");
66
+  $args = array(":listname" => $listname,
67
+                ":maildomain" => $maildomain,
68
+                ":owner" => $_SESSION['userinfo']['uid'],
69
+                ":admin" => $admin);
70
+
71
+  db_query("INSERT INTO mail.mailman_lists (status, listname, maildomain, owner, admin) VALUES ('pending', :listname, :maildomain, :owner, :admin)", $args);
70 72
   DEBUG('Neue ID: '.db_insert_id());
71 73
 }
72 74
 
... ...
@@ -74,7 +76,7 @@ function create_list($listname, $maildomain, $admin)
74 76
 function get_mailman_domains()
75 77
 {
76 78
   $uid = (int) $_SESSION['userinfo']['uid'];
77
-  $result = db_query("SELECT md.id, md.fqdn FROM mail.v_mailman_domains AS md left join mail.v_domains AS d on (d.id=md.domain) where d.user={$uid}");
79
+  $result = db_query("SELECT md.id, md.fqdn FROM mail.v_mailman_domains AS md left join mail.v_domains AS d on (d.id=md.domain) where d.user=?", array($uid));
78 80
   $ret = array();
79 81
   while ($dom = $result->fetch())
80 82
     $ret[] = $dom;
... ...
@@ -16,8 +16,7 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
16 16
 
17 17
 function account_has_totp($username)
18 18
 {
19
-  $username = db_escape_string($username);
20
-  $result = db_query("SELECT id FROM mail.webmail_totp WHERE email='{$username}'");
19
+  $result = db_query("SELECT id FROM mail.webmail_totp WHERE email=?", array($username));
21 20
   if ($result->rowCount() > 0) {
22 21
     $tmp = $result->fetch();
23 22
     $id = $tmp['id'];
... ...
@@ -31,8 +30,8 @@ function account_has_totp($username)
31 30
 
32 31
 function validate_password($username, $password) 
33 32
 {
34
-  $username = db_escape_string($username);
35
-  $result = db_query("SELECT account, cryptpass FROM mail.courier_mailaccounts WHERE account='{$username}' UNION SELECT account, cryptpass FROM mail.courier_virtual_accounts WHERE account='{$username}'");
33
+  $args[":username"] = $username;
34
+  $result = db_query("SELECT account, cryptpass FROM mail.courier_mailaccounts WHERE account=:username UNION SELECT account, cryptpass FROM mail.courier_virtual_accounts WHERE account=:username", $args);
36 35
   if ($result->rowCount() != 1) {
37 36
     // Kein Account mit dem Namen oder Name nicht eindeutig
38 37
     return false;
... ...
@@ -58,12 +57,12 @@ function store_webmail_password($username, $oldpw, $newpw)
58 57
   for ($i = 0 ; $i != strlen($oldpw) ; $i++) {
59 58
     $code .= chr( ord($oldpw[$i]) ^ ord($secret[$i]) );
60 59
   }
61
-  $code = base64_encode($code);
62
-  DEBUG(array($oldpw, $newpw, $code));
60
+  DEBUG(array($oldpw, $newpw));
61
+  $args = array(":uid" => $_SESSION['userinfo']['uid'],
62
+                ":username" => $username,
63
+                ":code" => base64_encode($code));
63 64
 
64
-  $uid = (int) $_SESSION['userinfo']['uid'];
65
-
66
-  db_query("REPLACE INTO mail.webmail_totp (useraccount, email, webmailpass) VALUES ({$uid}, '{$username}', '{$code}')");
65
+  db_query("REPLACE INTO mail.webmail_totp (useraccount, email, webmailpass) VALUES (:uid, :username, :code)", $args);
67 66
 }
68 67
 
69 68
 
... ...
@@ -87,8 +86,7 @@ function decode_webmail_password($crypted, $webmailpw)
87 86
 
88 87
 
89 88
 function get_imap_password($username, $webmailpass) {
90
-  $username = db_escape_string($username);
91
-  $result = db_query("SELECT webmailpass FROM mail.webmail_totp WHERE email='{$username}'");
89
+  $result = db_query("SELECT webmailpass FROM mail.webmail_totp WHERE email=?", array($username));
92 90
   $tmp = $result->fetch();
93 91
   
94 92
   $crypted = $tmp['webmailpass'];
... ...
@@ -107,21 +105,20 @@ function check_webmail_password($username, $webmailpass)
107 105
 
108 106
 function generate_secret($username)
109 107
 {
110
-  $username = db_escape_string($username);
111 108
   require_once('external/googleauthenticator/GoogleAuthenticator.php');
112 109
   $ga = new PHPGangsta_GoogleAuthenticator();
113 110
   
114 111
   $secret = $ga->createSecret();
115 112
   DEBUG('GA-Secret: '.$secret);
116 113
   DEBUG('QrCode: '.$ga->getQRCodeGoogleUrl('Blog', $secret));
117
-  db_query("UPDATE mail.webmail_totp SET totp_secret='{$secret}' WHERE email='{$username}'");
114
+  $args = array(":secret" => $secret, ":username" => $username);
115
+  db_query("UPDATE mail.webmail_totp SET totp_secret=:secret WHERE email=:username", $args);
118 116
   return $secret;
119 117
 }
120 118
 
121 119
 function check_locked($username) 
122 120
 {
123
-  $username = db_escape_string($username);
124
-  $result = db_query("SELECT 1 FROM mail.webmail_totp WHERE unlock_timestamp IS NOT NULL and unlock_timestamp > NOW() AND email='{$username}'");
121
+  $result = db_query("SELECT 1 FROM mail.webmail_totp WHERE unlock_timestamp IS NOT NULL and unlock_timestamp > NOW() AND email=?", array($username));
125 122
   return ($result->rowCount() > 0);
126 123
 }
127 124
 
... ...
@@ -131,9 +128,7 @@ function check_totp($username, $code) {
131 128
     return false;
132 129
   }
133 130
 
134
-  $username = db_escape_string($username);
135
-
136
-  $result = db_query("SELECT totp_secret, failures FROM mail.webmail_totp WHERE email='{$username}' AND (unlock_timestamp IS NULL OR unlock_timestamp <= NOW())");
131
+  $result = db_query("SELECT totp_secret, failures FROM mail.webmail_totp WHERE email=? AND (unlock_timestamp IS NULL OR unlock_timestamp <= NOW())", array($username));
137 132
   $tmp = $result->fetch();
138 133
   $secret = $tmp['totp_secret'];
139 134
 
... ...
@@ -147,9 +142,9 @@ function check_totp($username, $code) {
147 142
     DEBUG('OK');
148 143
   } else {
149 144
     if ($tmp['failures'] > 0 && $tmp['failures'] % 5 == 0) {
150
-      db_query("UPDATE mail.webmail_totp SET failures = failures+1, unlock_timestamp = NOW() + INTERVAL 5 MINUTE WHERE email='{$username}'");
145
+      db_query("UPDATE mail.webmail_totp SET failures = failures+1, unlock_timestamp = NOW() + INTERVAL 5 MINUTE WHERE email=?", array($username));
151 146
     } else {
152
-      db_query("UPDATE mail.webmail_totp SET failures = failures+1 WHERE email='{$username}'");
147
+      db_query("UPDATE mail.webmail_totp SET failures = failures+1 WHERE email=?", array($username));
153 148
     }
154 149
     
155 150
     DEBUG('FAILED');
... ...
@@ -194,9 +189,9 @@ function generate_qrcode_image($secret) {
194 189
 
195 190
 function accountname($id) 
196 191
 {
197
-  $id = (int) $id;
198
-  $uid = (int) $_SESSION['userinfo']['uid'];
199
-  $result = db_query("SELECT email FROM mail.webmail_totp WHERE id={$id} AND useraccount={$uid}");
192
+  $args = array(":id" => $id,
193
+                ":uid" => $_SESSION['userinfo']['uid']);
194
+  $result = db_query("SELECT email FROM mail.webmail_totp WHERE id=:id AND useraccount=:uid", $args);
200 195
   if ($tmp = $result->fetch()) {
201 196
     return $tmp['email'];
202 197
   }
... ...
@@ -205,26 +200,24 @@ function accountname($id)
205 200
 
206 201
 function delete_totp($id) 
207 202
 {
208
-  $id = (int) $id;
209
-  $uid = (int) $_SESSION['userinfo']['uid'];
203
+  $args = array(":id" => $id,
204
+                ":uid" => $_SESSION['userinfo']['uid']);
210 205
   
211
-  db_query("DELETE FROM mail.webmail_totp WHERE id={$id} AND useraccount={$uid}");
206
+  db_query("DELETE FROM mail.webmail_totp WHERE id=:id AND useraccount=:uid", $args);
212 207
 }
213 208
 
214 209
 
215 210
 function blacklist_token($email, $token)
216 211
 {
217
-  $email = db_escape_string($email);
218
-  $token = db_escape_string($token);
219
-  db_query("INSERT INTO mail.webmail_totp_blacklist (timestamp, email, token) VALUES (NOW(), '{$email}', '{$token}')");
212
+  $args = array(":email" => $email, ":token" => $token);
213
+  db_query("INSERT INTO mail.webmail_totp_blacklist (timestamp, email, token) VALUES (NOW(), :email, :token)", $args);
220 214
 }
221 215
 
222 216
 function check_blacklist($email, $token)
223 217
 {
224
-  $email = db_escape_string($email);
225
-  $token = db_escape_string($token);
218
+  $args = array(":email" => $email, ":token" => $token);
226 219
   db_query("DELETE FROM mail.webmail_totp_blacklist WHERE timestamp < NOW() - INTERVAL 10 MINUTE");
227
-  $result = db_query("SELECT id FROM mail.webmail_totp_blacklist WHERE email='{$email}' AND token='{$token}'");
220
+  $result = db_query("SELECT id FROM mail.webmail_totp_blacklist WHERE email=:email AND token=:token", $args);
228 221
   return ($result->rowCount() > 0);
229 222
 }
230 223