diff --git a/www/include/reporting/dashboard/xmlInformations/GetXmlHost.php b/www/include/reporting/dashboard/xmlInformations/GetXmlHost.php
index 1bdc4218a49782522580d07c942e280812fd0fb1..495a6b337a4e2ffd5213ee6ab2d5d9d1a23aa244 100644
--- a/www/include/reporting/dashboard/xmlInformations/GetXmlHost.php
+++ b/www/include/reporting/dashboard/xmlInformations/GetXmlHost.php
@@ -69,11 +69,9 @@ if (isset($_GET["id"]) && isset($_GET["color"])) {
 }
 if ($accessHost) {
- $DBRESULT = $pearDBO->query(
- "SELECT * FROM `log_archive_host` WHERE host_id = '"
- . $pearDBO->escape($_GET["id"])
- . "' order by date_start desc"
- );
+ $query = 'SELECT * FROM `log_archive_host` WHERE host_id = ? ORDER BY date_start DESC';
+ $stmt = $pearDBO->prepare($query);
+ $DBRESULT = $pearDBO->execute($stmt, array($_GET['id']));
 while ($row = $DBRESULT->fetchRow()) {
 fillBuffer($statesTab, $row, $color);
 }
diff --git a/www/include/reporting/dashboard/xmlInformations/GetXmlService.php b/www/include/reporting/dashboard/xmlInformations/GetXmlService.php
index 43c323bfe9deffd46a0b0de027ade27ce156bf19..1f029de9132a5bcb6ebe6ed3bdebcf0966f77967 100644
--- a/www/include/reporting/dashboard/xmlInformations/GetXmlService.php
+++ b/www/include/reporting/dashboard/xmlInformations/GetXmlService.php
@@ -68,11 +68,9 @@ if (isset($_GET["host_id"]) && isset($_GET["id"]) && isset($_GET["color"])) {
 }
 if ($accessService) {
- $DBRESULT = $pearDBO->query(
- "SELECT * FROM `log_archive_service` WHERE host_id = '".
- $pearDBO->escape($_GET["host_id"])."' AND service_id = '".
- $pearDBO->escape($_GET["id"])."' ORDER BY `date_start` DESC"
- );
+ $query = 'SELECT * FROM `log_archive_service` WHERE host_id = ? AND service_id = ? ORDER BY date_start DESC';
+ $stmt = $pearDBO->prepare($query);
+ $DBRESULT = $pearDBO->execute($stmt, array($_GET['host_id'], $_GET['id']));
 while ($row = $DBRESULT->fetchRow()) {
 fillBuffer($statesTab, $row, $color);
 }
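Review bot: `$_GET['id']` in the GetXmlHost.php hunk, and `$_GET['host_id']` / `$_GET['id']` in the GetXmlService.php hunk, are bound into the statement straight from the request, and the `isset()` guard in the hunk header only shows that the key exists, not that the value is a scalar integer. Binding removes the injection risk of the old concatenation, but an array or non-numeric value still reaches `execute()`; validating first with `$hostId = filter_var($_GET['id'], FILTER_VALIDATE_INT);` and bailing out on `false` keeps the input in the shape the id columns presumably expect. Separately, `$DBRESULT->fetchRow()` is called on whatever `execute()` returns; if the `$pearDBO` wrapper (not visible here) reports failure by return value rather than by throwing, a failed `prepare()`/`execute()` would need an explicit check before the `while` loop. The `if ($accessHost)` and `if ($accessService)` blocks continue past the end of both hunks, and the access decision itself is made above them.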