diff --git a/CRM/Report/Page/InstanceList.php b/CRM/Report/Page/InstanceList.php
index f61458202209..663baa8afe39 100644
--- a/CRM/Report/Page/InstanceList.php
+++ b/CRM/Report/Page/InstanceList.php
@@ -85,8 +85,11 @@ class CRM_Report_Page_InstanceList extends CRM_Core_Page {
   public function info() {
 
     $report = '';
+    $queryParams = array();
+
     if ($this->ovID) {
-      $report .= " AND v.id = {$this->ovID} ";
+      $report .= " AND v.id = %1 ";
+      $queryParams[1] = array($this->ovID, 'Integer');
     }
 
     if ($this->compID) {
@@ -95,7 +98,8 @@ public function info() {
         $this->_compName = 'Contact';
       }
       else {
-        $report .= " AND v.component_id = {$this->compID} ";
+        $report .= " AND v.component_id = %2 ";
+        $queryParams[2] = array($this->compID, 'Integer');
         $cmpName = CRM_Core_DAO::getFieldValue('CRM_Core_DAO_Component', $this->compID,
           'name', 'id'
         );
@@ -106,10 +110,12 @@ public function info() {
       }
     }
     elseif ($this->grouping) {
-      $report .= " AND v.grouping = '{$this->grouping}' ";
+      $report .= " AND v.grouping = %3 ";
+      $queryParams[3] = array($this->grouping, 'String');
     }
     elseif ($this->myReports) {
-      $report .= " AND inst.owner_id = " . CRM_Core_Session::getLoggedInContactID();
+      $report .= " AND inst.owner_id = %4 ";
+      $queryParams[4] = array(CRM_Core_Session::getLoggedInContactID(), 'Integer');
     }
 
     $sql = "
@@ -129,12 +135,11 @@ public function info() {
         ON v.component_id = comp.id
       WHERE v.is_active = 1 {$report}
-        AND inst.domain_id = %1
+        AND inst.domain_id = %9
       ORDER BY v.weight ASC, inst.title ASC";
+    $queryParams[9] = array(CRM_Core_Config::domainID(), 'Integer');
 
-    $dao = CRM_Core_DAO::executeQuery($sql, array(
-      1 => array(CRM_Core_Config::domainID(), 'Integer'),
-    ));
+    $dao = CRM_Core_DAO::executeQuery($sql, $queryParams);
 
     $config = CRM_Core_Config::singleton();
     $rows = array();
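Review bot: The placeholder numbering introduced at `$queryParams = array();` is deliberately non-contiguous — %1 to %4 are each tied to one optional filter and the domain filter in the last hunk jumps to %9 — but nothing in the code says so, and a later "tidy-up" that renumbers them contiguously could pair a bound value with the wrong clause. A one-line comment beside the declaration would pin the contract: `// Placeholder numbers are fixed per filter (%1-%4); domain_id uses %9 so a skipped branch never shifts the others.` The same comment covers the `$queryParams[9]` assignment in the final hunk, so it need not be repeated there. info() continues past the end of this hunk, and the query text plus the executeQuery call that consumes $queryParams are only visible in the last hunk.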
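Review bot: In the myReports branch, `CRM_Core_Session::getLoggedInContactID()` is bound as an 'Integer' parameter without checking that a contact is logged in; if that call can return NULL here (anonymous access), the value presumably fails the integer type check during parameter escaping rather than producing a SQL error as the old concatenation did, which is a different failure mode worth confirming against CRM_Utils_Type. If the intent is to fail closed for an anonymous caller, one option is `$queryParams[4] = array((int) CRM_Core_Session::getLoggedInContactID(), 'Integer');`, which binds 0 and matches no owner; otherwise a guard before this branch that requires a logged-in contact makes the assumption explicit. Dropping the literal quotes around the grouping value (`%3` with type 'String') is correct only because the parameter layer adds its own quoting — a short comment on that line would save the next reader from re-adding them.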