$sql="SELECT user_id,user_name,lastname,firstname FROM users ";
if ($sys_database_type == "mysql") {
- $sql.="WHERE status='A' and type_id='1' and lastname LIKE '$sw%' ";
+ $sql.="WHERE status='A' and type_id='1' and lastname LIKE $1 ";
} else {
- $sql.="WHERE status='A' and type_id='1' and lastname ILIKE '$sw%' ";
+ $sql.="WHERE status='A' and type_id='1' and lastname ILIKE $1 ";
}
-$res=db_query($sql);
+$res=db_query_params($sql, array($sw."%");
$accumulated_ids = getStringFromRequest('accumulated_ids');
if (!$accumulated_ids) {
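Review bot: The added `db_query_params` line is missing a closing parenthesis, so the file will not parse as written; it should read `$res=db_query_params($sql, array($sw."%"));`. The `$1` placeholder is PostgreSQL-style and is now also used in the mysql branch, so this presumably relies on `db_query_params` translating it for MySQL; that wrapper is not visible here and is worth confirming. Binding the value closes the string-built SQL injection, but `%` and `_` inside `$sw` still act as LIKE wildcards, so if only a literal prefix match is intended they should be escaped before the trailing `%` is appended. The surrounding code starts and continues outside this hunk, so where `$sw` comes from cannot be checked here.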