From 689197f872f7efe673e6b240b0e32773c6ee82da Mon Sep 17 00:00:00 2001
From: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com>
Date: Mon, 19 Sep 2022 09:56:09 +0100
Subject: [PATCH] FIX: Sanitize and bind service listing (#11769)
* sanitizing and binding service listing queries
* removing var casting
---
 .../configObject/service/listServiceByHost.php | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/www/include/configuration/configObject/service/listServiceByHost.php b/www/include/configuration/configObject/service/listServiceByHost.php
index e2181452d4e..e5cc23fb00e 100644
--- a/www/include/configuration/configObject/service/listServiceByHost.php
+++ b/www/include/configuration/configObject/service/listServiceByHost.php
@@ -245,14 +245,16 @@ $centreonToken = createCSRFToken();
+$statement = $pearDB->prepare(
+ "SELECT COUNT(*) FROM host_service_relation WHERE service_service_id = :service_id"
+);
 for ($i = 0; $service = $dbResult->fetch(); $i++) {
 //Get Number of Hosts linked to this one.
- $dbResult2 = $pearDB->query(
- "SELECT COUNT(*) FROM host_service_relation WHERE service_service_id = '" . $service["service_id"] . "'"
- );
- $data = $dbResult2->fetch();
+ $statement->bindValue(':service_id', $service["service_id"], \PDO::PARAM_INT);
+ $statement->execute();
+ $data = $statement->fetch(\PDO::FETCH_ASSOC);
 $service["nbr"] = $data["COUNT(*)"];
- $dbResult2->closeCursor();
+ $statement->closeCursor();
 unset($data);
 /**
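Review bot: Inside the loop the count is still read as `$data["COUNT(*)"]`, so the code depends on the driver naming the result column after the raw expression, and the results of `execute()` and `fetch()` go unchecked, which would make `$service["nbr"]` null if the statement fails without throwing (the error mode of `$pearDB` is not visible in this hunk). Aliasing the aggregate and reading it directly removes the dependency on the column name: `SELECT COUNT(*) AS nbr ...` in the prepare and `$service["nbr"] = $statement->fetchColumn();` in the loop. The bound value comes from `$dbResult`, whose query is built outside the hunk, so whether that outer listing query is also parameterized cannot be confirmed from these lines. The `for` body continues past the end of the hunk.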