From f34f3c95bd5a10dae741c4413a37c16fceb74a00 Mon Sep 17 00:00:00 2001
From: Frank Dillon
Date: Mon, 22 May 2006 23:02:00 +0000
Subject: [PATCH] removed $db->quote and used prepared statement
---
 lib/WebGUI/Asset/Wobject/EventManagementSystem.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/WebGUI/Asset/Wobject/EventManagementSystem.pm b/lib/WebGUI/Asset/Wobject/EventManagementSystem.pm
index 748a7397a..48f18ea19 100644
--- a/lib/WebGUI/Asset/Wobject/EventManagementSystem.pm
+++ b/lib/WebGUI/Asset/Wobject/EventManagementSystem.pm
@@ -2167,7 +2167,7 @@ sub www_addEventsToBadge {
 my $bid = $self->session->form->process('bid') || 'none';
 my $eventId = $self->session->form->process('eventId');
 unless ($bid eq 'none') {
- my ($userId,$createdByUserId) = $self->session->db->quickArray("select userId, createdByUserId from EventManagementSystem_badges where badgeId=".quote($bid));
+ my ($userId,$createdByUserId) = $self->session->db->quickArray("select userId, createdByUserId from EventManagementSystem_badges where badgeId=?",[$bid]);
 unless($isAdmin || $userId eq $self->session->user->userId || $createdByUserId eq $self->session->user->userId) {
 return $self->session->privilege->insufficient();
 }
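Review bot: The ownership check that follows the new placeholder query cannot tell a missing badge from someone else's badge: if `bid` matches no row, `$userId` and `$createdByUserId` are undef, the `eq` tests run on undef, and a caller with `$isAdmin` set continues with a badge id that does not exist. Consider capturing the row and rejecting an empty result before the comparison, e.g. `my @badge = $self->session->db->quickArray(...); return $self->session->privilege->insufficient() unless @badge;` (this assumes quickArray returns an empty list when nothing matches, which should be confirmed). Separately, the `|| 'none'` default on the first context line means a request without `bid` skips this check altogether; whether the rest of www_addEventsToBadge is safe in that case cannot be seen here, since the sub's body starts before and continues after the hunk.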