From 3d58bf28a38ccf39d2af77fca400a8fbc675caca Mon Sep 17 00:00:00 2001
From: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com>
Date: Mon, 29 Aug 2022 13:48:10 +0100
Subject: [PATCH] =?UTF-8?q?query=20sanitized=20in=20listServiceCategories?= =?UTF-8?q?=C3=83=20(#11597)=20(#11633)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../service_categories/listServiceCategories.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/www/include/configuration/configObject/service_categories/listServiceCategories.php b/www/include/configuration/configObject/service_categories/listServiceCategories.php
index 6db22ec44ea..5826517d427 100644
--- a/www/include/configuration/configObject/service_categories/listServiceCategories.php
+++ b/www/include/configuration/configObject/service_categories/listServiceCategories.php
@@ -119,12 +119,12 @@ $elemArr = array();
 $centreonToken = createCSRFToken();
+$statement = $pearDB->prepare("SELECT COUNT(*) FROM `service_categories_relation` WHERE `sc_id` = :sc_id");
 for ($i = 0; $sc = $dbResult->fetch(); $i++) {
 $moptions = "";
- $dbResult2 = $pearDB->query(
- "SELECT COUNT(*) FROM `service_categories_relation` WHERE `sc_id` = '" . $sc['sc_id'] . "'"
- );
- $nb_svc = $dbResult2->fetch();
+ $statement->bindValue(':sc_id', (int) $sc['sc_id'], \PDO::PARAM_INT);
+ $statement->execute();
+ $nb_svc = $statement->fetch();
 $selectedElements = $form->addElement('checkbox', "select[" . $sc['sc_id'] . "]");
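Review bot: The statement re-executed inside the `for` loop is neither checked nor reset: the return value of `$statement->execute()` is ignored and `$statement->fetch()` is read once with no `closeCursor()`. Whether `$pearDB` runs in exception error mode is not visible in this hunk; if it does not, a failed execute would leave `$nb_svc` as `false` and the relation count silently wrong. I would either confirm that the connection sets `PDO::ERRMODE_EXCEPTION` or guard the call with `if (!$statement->execute()) { throw new \RuntimeException('service category count failed'); }`. I would also add `$statement->closeCursor();` after the fetch so each iteration starts from a clean cursor on drivers that require it. The loop body continues past the end of the hunk, so how `$nb_svc` is consumed cannot be checked from here.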