|
@@ -174,7 +174,7 @@ class abook_database extends addressbook_backend {
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
$query = sprintf("SELECT * FROM %s WHERE owner='%s' AND nickname='%s'",
|
|
$query = sprintf("SELECT * FROM %s WHERE owner='%s' AND nickname='%s'",
|
|
|
- $this->table, $this->owner, $alias);
|
|
|
|
|
|
|
+ $this->table, $this->owner, $this->dbh->quoteString($alias));
|
|
|
|
|
|
|
|
$res = $this->dbh->query($query);
|
|
$res = $this->dbh->query($query);
|
|
|
|
|
|
stekkel