Database class integration.

app/call_center_active/call_center_active_inc.php

@@ -49,11 +49,11 @@
 //get the queues from the database
 	if (!is_array($_SESSION['queues'])) {
 		$sql = "select * from v_call_center_queues ";
-		$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-		$sql .= "order by queue_name ASC ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		$_SESSION['queues'] = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+		$sql .= "where domain_uuid = :domain_uuid ";
+		$sql .= "order by queue_name asc ";
+		$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+		$database = new database;
+		$_SESSION['queues'] = $database->select($sql, $parameters, 'all');
 	}
 
 //get the queue name
@@ -150,11 +150,11 @@
 			//get the agents from the database
 				if (!is_array($_SESSION['agents'])) {
 					$sql = "select * from v_call_center_agents ";
-					$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-					$sql .= "order by agent_name ASC ";
-					$prep_statement = $db->prepare(check_sql($sql));
-					$prep_statement->execute();
-					$_SESSION['agents'] = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+					$sql .= "where domain_uuid = :domain_uuid ";
+					$sql .= "order by agent_name asc ";
+					$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+					$database = new database;
+					$_SESSION['agents'] = $database->select($sql, $parameters, 'all');
 				}
 
 			//list the agents

app/call_center_active/call_center_queue.php

@@ -50,21 +50,6 @@
 	$order_by = $_GET["order_by"];
 	$order = $_GET["order"];
 
-//validate order by
-	if (strlen($order_by) > 0) {
-		$order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by);
-	}
-
-//validate the order
-	switch ($order) {
-		case 'asc':
-			break;
-		case 'desc':
-			break;
-		default:
-			$order = '';
-	}
-
 //show the content
 	echo "<table width='100%' cellpadding='0' cellspacing='0' border='0'>\n";
 	echo "<tr>\n";
@@ -82,7 +67,6 @@
 	//get the call center queue count
 	$sql = "select count(*) from v_call_center_queues ";
 	$sql .= "where domain_uuid = :domain_uuid ";
-	if (strlen($order_by) > 0) { $sql .= "order by $order_by $order "; }
 	$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
 	$database = new database;
 	$num_rows = $database->select($sql, $parameters, 'column');
@@ -98,12 +82,10 @@
 	//get the call center queues
 	$sql = "select * from v_call_center_queues ";
 	$sql .= "where domain_uuid = :domain_uuid ";
-	if (strlen($order_by) > 0) { $sql .= "order by $order_by $order "; }
-	$sql .= " limit :rows_per_page offset :offset ";
+	$sql .= order_by($order_by, $order);
+	$sql .= limit_offset($rows_per_page, $offset);
 	$database = new database;
 	$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
-	$parameters['rows_per_page'] = $rows_per_page;
-	$parameters['offset'] = $offset;
 	$call_center_queues = $database->select($sql, $parameters, 'all');
 
 	$c = 0;

app/call_centers/call_center_agent_dashboard.php

@@ -51,21 +51,6 @@
 	$order_by = $_GET["order_by"];
 	$order = $_GET["order"];
 
-//validate order by
-	if (strlen($order_by) > 0) {
-		$order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by);
-	}
-
-//validate the order
-	switch ($order) {
-		case 'asc':
-			break;
-		case 'desc':
-			break;
-		default:
-			$order = '';
-	}
-
 //setup the event socket connection
 	$fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
 
@@ -81,12 +66,15 @@
 					if ($fp) {
 						//set the user_status
 							$sql  = "update v_users set ";
-							$sql .= "user_status = '".$row['agent_status']."' ";
-							$sql .= "where domain_uuid = '".$domain_uuid."' ";
-							$sql .= "and username = '".$row['agent_name']."' ";
-							//echo $sql."\n";
-							//$prep_statement = $db->prepare(check_sql($sql));
-							//$prep_statement->execute();
+							$sql .= "user_status = :user_status ";
+							$sql .= "where domain_uuid = :domain_uuid ";
+							$sql .= "and username = :username ";
+							$parameters['user_status'] = $row['agent_status'];
+							$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+							$parameters['username'] = $row['agent_name'];
+							//$database = new database;
+							//$database->execute($sql, $parameters);
+							//unset($sql, $parameters);
 
 						//set the agent status to available and assign the agent to the queue with the tier
 							if ($row['agent_status'] == 'Available') {
@@ -124,18 +112,21 @@
 	$sql = "select * from v_call_center_queues ";
 	$sql .= "where domain_uuid = :domain_uuid ";
 	$sql .= "order by queue_name asc ";
-	$database = new database;
 	$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+	$database = new database;
 	$call_center_queues = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 
 //get the agents from the database
 	$sql = "select * from v_call_center_agents ";
 	$sql .= "where user_uuid = :user_uuid ";
 	$sql .= "and domain_uuid = :domain_uuid ";
 	//$sql .= "ORDER BY agent_name ASC ";
-	$database = new database;
 	$parameters['user_uuid'] = $_SESSION['user_uuid'];
+	$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+	$database = new database;
 	$agent = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 	//echo "<pre>\n";
 	//print_r($agent);
 	//echo "</pre>\n";

app/call_centers/call_center_agent_delete.php

@@ -30,10 +30,7 @@
 	require_once "resources/check_auth.php";
 
 //check the permissions
-	if (permission_exists('call_center_agent_delete')) {
-		//access granted
-	}
-	else {
+	if (!permission_exists('call_center_agent_delete')) {
 		echo "access denied";
 		exit;
 	}
@@ -43,47 +40,50 @@
 	$text = $language->get();
 
 //get the primary key
-	if (isset($_GET["id"]) && is_uuid($_GET["id"])) {
-		$id = check_str($_GET["id"]);
-	}
-	else {
-		exit;
+	if (is_uuid($_GET["id"])) {
+		$agent_uuid = $_GET["id"];
+
+		//delete the agent from the freeswitch
+			//setup the event socket connection
+				$fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
+			//delete the agent over event socket
+				if ($fp) {
+					$cmd = "api callcenter_config agent del ".$agent_uuid;
+					$response = event_socket_request($fp, $cmd);
+				}
+
+		//delete the agent from db
+			//tiers table
+				$sql = "delete from v_call_center_tiers ";
+				$sql .= "where domain_uuid = :domain_uuid ";
+				$sql .= "and agent_name = :agent_name ";
+				$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+				$parameters['agent_name'] = $agent_uuid;
+				$database = new database;
+				$database->execute($sql, $parameters);
+				unset($sql, $parameters);
+
+			//agents table
+				$array['call_center_agents'][0]['call_center_agent_uuid'] = $agent_uuid;
+				$array['call_center_agents'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+				$database = new database;
+				$database->app_name = 'call_centers';
+				$database->app_uuid = '95788e50-9500-079e-2807-fd530b0ea370';
+				$database->delete($array);
+				$response = $database->message;
+				unset($array);
+
+		//synchronize configuration
+			save_call_center_xml();
+			remove_config_from_cache('configuration:callcenter.conf');
+
+		//set message
+			message::add($text['message-delete']);
+
 	}
 
-//delete the agent from the freeswitch
-	//setup the event socket connection
-		$fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
-	//delete the agent over event socket
-		if ($fp) {
-			$cmd = "api callcenter_config agent del ".$id;
-			$response = event_socket_request($fp, $cmd);
-		}
-
-//delete the agent from db
-	if (strlen($id)>0) {
-		//tiers table
-			$sql = "delete from v_call_center_tiers ";
-			$sql .= "where domain_uuid = '$domain_uuid' ";
-			$sql .= "and agent_name = '$agent_name' ";
-			$prep_statement = $db->prepare(check_sql($sql));
-			$prep_statement->execute();
-			unset($sql);
-
-		//agents table
-			$sql = "delete from v_call_center_agents ";
-			$sql .= "where domain_uuid = '$domain_uuid' ";
-			$sql .= "and call_center_agent_uuid = '$id' ";
-			$prep_statement = $db->prepare(check_sql($sql));
-			$prep_statement->execute();
-			unset($sql);
-	}
-
-//synchronize configuration
-	save_call_center_xml();
-	remove_config_from_cache('configuration:callcenter.conf');
 
 //redirect the browser
-	message::add($text['message-delete']);
 	header("Location: call_center_agents.php");
 	return;
 

app/call_centers/call_center_agent_edit.php

@@ -47,34 +47,31 @@
 	if ($_GET["check"] == 'duplicate') {
 		//agent id
 			if ($_GET["agent_id"] != '') {
-				$sql = "select ";
-				$sql .= "agent_name ";
-				$sql .= "from ";
-				$sql .= "v_call_center_agents ";
-				$sql .= "where ";
-				$sql .= "agent_id = '".check_str($_GET["agent_id"])."' ";
-				$sql .= "and domain_uuid = '".$domain_uuid."' ";
-				if ($_GET["agent_uuid"] != '') {
-					$sql .= " and call_center_agent_uuid <> '".check_str($_GET["agent_uuid"])."' ";
+				$sql = "select agent_name ";
+				$sql .= "from v_call_center_agents ";
+				$sql .= "where agent_id = :agent_id ";
+				$sql .= "and domain_uuid = :domain_uuid ";
+				if (is_uuid($_GET["agent_uuid"])) {
+					$sql .= " and call_center_agent_uuid <> :call_center_agent_uuid ";
+					$parameters['call_center_agent_uuid'] = $_GET["agent_uuid"];
 				}
-				$prep_statement = $db->prepare($sql);
-				if ($prep_statement) {
-					$prep_statement->execute();
-					$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
-					if ($row['agent_name'] != '') {
-						echo $text['message-duplicate_agent_id'].((if_group("superadmin")) ? ": ".$row["agent_name"] : null);
-					}
+				$parameters['agent_id'] = $_GET["agent_id"];
+				$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+				$database = new database;
+				$row = $database->select($sql, $parameters, 'row');
+				if (is_array($row) && sizeof($row) != 0 && $row['agent_name'] != '') {
+					echo $text['message-duplicate_agent_id'].(if_group("superadmin") ? ": ".$row["agent_name"] : null);
 				}
-				unset($prep_statement);
+				unset($sql, $parameters);
 			}
 
 		exit;
 	}
 
 //action add or update
-	if (isset($_REQUEST["id"])) {
+	if (is_uuid($_REQUEST["id"])) {
 		$action = "update";
-		$call_center_agent_uuid = check_str($_REQUEST["id"]);
+		$call_center_agent_uuid = $_REQUEST["id"];
 	}
 	else {
 		$action = "add";
@@ -82,21 +79,21 @@
 
 //get http post variables and set them to php variables
 	if (is_array($_POST)) {
-		$call_center_agent_uuid = check_str($_POST["call_center_agent_uuid"]);
-		$user_uuid = check_str($_POST["user_uuid"]);
-		$agent_name = check_str($_POST["agent_name"]);
-		$agent_type = check_str($_POST["agent_type"]);
-		$agent_call_timeout = check_str($_POST["agent_call_timeout"]);
-		$agent_id = check_str($_POST["agent_id"]);
-		$agent_password = check_str($_POST["agent_password"]);
-		$agent_status = check_str($_POST["agent_status"]);
-		$agent_contact = check_str($_POST["agent_contact"]);
-		$agent_no_answer_delay_time = check_str($_POST["agent_no_answer_delay_time"]);
-		$agent_max_no_answer = check_str($_POST["agent_max_no_answer"]);
-		$agent_wrap_up_time = check_str($_POST["agent_wrap_up_time"]);
-		$agent_reject_delay_time = check_str($_POST["agent_reject_delay_time"]);
-		$agent_busy_delay_time = check_str($_POST["agent_busy_delay_time"]);
-		//$agent_logout = check_str($_POST["agent_logout"]);
+		$call_center_agent_uuid = $_POST["call_center_agent_uuid"];
+		$user_uuid = $_POST["user_uuid"];
+		$agent_name = $_POST["agent_name"];
+		$agent_type = $_POST["agent_type"];
+		$agent_call_timeout = $_POST["agent_call_timeout"];
+		$agent_id = $_POST["agent_id"];
+		$agent_password = $_POST["agent_password"];
+		$agent_status = $_POST["agent_status"];
+		$agent_contact = $_POST["agent_contact"];
+		$agent_no_answer_delay_time = $_POST["agent_no_answer_delay_time"];
+		$agent_max_no_answer = $_POST["agent_max_no_answer"];
+		$agent_wrap_up_time = $_POST["agent_wrap_up_time"];
+		$agent_reject_delay_time = $_POST["agent_reject_delay_time"];
+		$agent_busy_delay_time = $_POST["agent_busy_delay_time"];
+		//$agent_logout = $_POST["agent_logout"];
 	}
 
 //process the user data and save it to the database
@@ -104,7 +101,7 @@
 
 		//get the uuid from the POST
 			if ($action == "update") {
-				$call_center_agent_uuid = check_str($_POST["call_center_agent_uuid"]);
+				$call_center_agent_uuid = $_POST["call_center_agent_uuid"];
 			}
 
 		//check for all required data
@@ -214,8 +211,8 @@
 			}
 
 		//get the users array
-			$sql = "SELECT * FROM v_users ";
-			$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
+			$sql = "select * from v_users ";
+			$sql .= "where domain_uuid = :domain_uuid'".$_SESSION['domain_uuid']."' ";
 			$sql .= "order by username asc ";
 			$prep_statement = $db->prepare(check_sql($sql));
 			$prep_statement->execute();
@@ -264,14 +261,15 @@
 
 //pre-populate the form
 	if (is_array($_GET) && $_POST["persistformvar"] != "true") {
-		$call_center_agent_uuid = check_str($_GET["id"]);
+		$call_center_agent_uuid = $_GET["id"];
 		$sql = "select * from v_call_center_agents ";
-		$sql .= "where domain_uuid = '$domain_uuid' ";
-		$sql .= "and call_center_agent_uuid = '$call_center_agent_uuid' ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-		foreach ($result as &$row) {
+		$sql .= "where domain_uuid = :domain_uuid ";
+		$sql .= "and call_center_agent_uuid = :call_center_agent_uuid ";
+		$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+		$parameters['call_center_agent_uuid'] = $call_center_agent_uuid;
+		$database = new database;
+		$row = $database->select($sql, $parameters, 'row');
+		if (is_array($row) && sizeof($row) != 0) {
 			$call_center_agent_uuid = $row["call_center_agent_uuid"];
 			$user_uuid = $row["user_uuid"];
 			$agent_name = $row["agent_name"];
@@ -288,7 +286,7 @@
 			$agent_busy_delay_time = $row["agent_busy_delay_time"];
 			//$agent_logout = $row["agent_logout"];
 		}
-		unset ($prep_statement);
+		unset($sql, $parameters);
 	}
 
 //set default values
@@ -310,14 +308,14 @@
 	}
 
 //get the list of users for this domain
-	$sql = "SELECT * FROM v_users ";
-	$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
+	$sql = "select * from v_users ";
+	$sql .= "where domain_uuid = :domain_uuid ";
 	$sql .= "and user_enabled = 'true' ";
 	$sql .= "order by username asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$users = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-	unset($sql);
+	$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+	$database = new database;
+	$users = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 
 //javascript to check for duplicates
 	?>

app/call_centers/call_center_agent_status.php

@@ -50,8 +50,8 @@
 //get the agents from the database
 	$sql = "select * from v_call_center_tiers ";
 	$sql .= "where domain_uuid = :domain_uuid ";
-	$database = new database;
 	$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+	$database = new database;
 	$tiers = $database->select($sql, $parameters, 'all');
 	if (count($tiers) == 0) {
 		$per_queue_login = true;
@@ -59,6 +59,7 @@
 	else {
 		$per_queue_login = false;
 	}
+	unset($sql, $parameters);
 
 //setup the event socket connection
 	$fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
@@ -77,15 +78,21 @@
 					if ($fp) {
 						//set the user_status
 							if (!isset($row['queue_name'])) {
-								$sql  = "update v_users set ";
-								$sql .= "user_status = :row['agent_status'] ";
-								$sql .= "where domain_uuid = :domain_uuid ";
-								$sql .= "and user_uuid = :row['user_uuid'] ";
-								$parameters['agent_uuid'] = $row['agent_uuid'];
-								$parameters['agent_status'] = $row['agent_status'];
+								$array['users'][0]['user_uuid'] = $row['user_uuid'];
+								$array['users'][0]['user_status'] = $row['agent_status'];
+								$array['users'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+
+								$p = new permissions;
+								$p->add('user_edit', 'temp');
+
 								$database = new database;
-								$database->select($sql, $parameters);
-								unset($parameters);
+								$database->app_name = 'call_centers';
+								$database->app_uuid = '95788e50-9500-079e-2807-fd530b0ea370';
+								$database->save($array);
+								$response = $database->message;
+								unset($array);
+
+								$p->delete('user_edit', 'temp');
 							}
 
 						//validate the agent status
@@ -153,11 +160,12 @@
 						//get the agents from the database
 							$sql = "select agent_name from v_call_center_agents ";
 							$sql .= "where domain_uuid = :domain_uuid ";
-							$sql .= "and call_center_agent_uuid = :row['agent_uuid'] ";
+							$sql .= "and call_center_agent_uuid = :call_center_agent_uuid ";
+							$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+							$parameters['call_center_agent_uuid'] = $row['agent_uuid'];
 							$database = new database;
-							$parameters['agent_uuid'] = $row['agent_uuid'];
 							$agent_name = $database->select($sql, $parameters, 'all');
-							unset($parameters);
+							unset($sql, $parameters);
 
 							if ($row['agent_status'] == 'Available') {
 								$answer_state = 'confirmed';
@@ -187,8 +195,10 @@
 	$sql = "select * from v_call_center_agents ";
 	$sql .= "where domain_uuid = :domain_uuid ";
 	$sql .= "order by agent_name asc ";
+	$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
 	$database = new database;
 	$agents = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 
 //get the agent list from event socket
 	$switch_cmd = 'callcenter_config agent list';
@@ -204,8 +214,10 @@
 	$sql = "select * from v_call_center_queues ";
 	$sql .= "where domain_uuid = :domain_uuid ";
 	$sql .= "order by queue_name asc ";
+	$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
 	$database = new database;
 	$call_center_queues = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 
 //add the status to the call_center_queues array
 	$x = 0;

app/call_centers/call_center_agents.php

@@ -48,24 +48,9 @@
 	require_once "resources/paging.php";
 
 //get http values and set them to php variables
-	$order_by = $_GET["order_by"];
+	$order_by = $_GET["order_by"] != '' ? $_GET["order_by"] : 'agent_name';
 	$order = $_GET["order"];
 
-//validate order by
-	if (strlen($order_by) > 0) {
-		$order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by);
-	}
-
-//validate the order
-	switch ($order) {
-		case 'asc':
-			break;
-		case 'desc':
-			break;
-		default:
-			$order = '';
-	}
-
 //show content
 	echo "<table width='100%' cellpadding='0' cellspacing='0' border='0'>\n";
 	echo "<tr>\n";
@@ -82,20 +67,12 @@
 	echo "</tr>\n";
 	echo "</tr></table>\n";
 
-	$sql = "select * from v_call_center_agents ";
+	$sql = "select count(*) from v_call_center_agents ";
 	$sql .= "where domain_uuid = :domain_uuid ";
-	if (strlen($order_by) == 0) {
-		$order_by = 'agent_name';
-		$order = 'asc';
-	}
-	else {
-		$sql .= "order by $order_by $order ";
-	}
-	$database = new database;
 	$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
-	$parameters['rows_per_page'] = $rows_per_page;
-	$parameters['offset'] = $offset;
-	$result = $database->select($sql, $parameters, 'all');
+	$database = new database;
+	$num_rows = $database->select($sql, $parameters, 'column');
+	unset($sql, $parameters);
 
 	$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
 	$param = "";
@@ -106,18 +83,12 @@
 
 	$sql = "select * from v_call_center_agents ";
 	$sql .= "where domain_uuid = :domain_uuid ";
-	if (strlen($order_by) == 0) {
-		$order_by = 'agent_name';
-		$order = 'asc';
-	}
-	else {
-		$sql .= "order by $order_by $order ";
-	}
-	$sql .= " limit :rows_per_page offset :offset ";
+	$sql .= order_by($order_by, $order);
+	$sql .= limit_offset($rows_per_page, $offset);
+	$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
 	$database = new database;
-	$parameters['rows_per_page'] = $rows_per_page;
-	$parameters['offset'] = $offset;
 	$result = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 
 	$c = 0;
 	$row_style["0"] = "row_style0";
@@ -164,15 +135,16 @@
 			$bridge_statement = explode('/', $row['agent_contact']);
 			if ($bridge_statement[0] == 'sofia' && $bridge_statement[1] == 'gateway' && is_uuid($bridge_statement[2])) {
 				// retrieve gateway name from db
-				$sql = "select gateway from v_gateways where gateway_uuid = '".$bridge_statement[2]."' ";
-				$prep_statement = $db->prepare(check_sql($sql));
-				$prep_statement->execute();
-				$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+				$sql = "select gateway from v_gateways ";
+				$sql .= "where gateway_uuid = :gateway_uuid ";
+				$parameters['gateway_uuid'] = $bridge_statement[2];
+				$database = new database;
+				$result = $database->select($sql, $parameters, 'all');
 				if (count($result) > 0) {
 					$gateway_name = $result[0]['gateway'];
 					$agent_contact = str_replace($bridge_statement[2], $gateway_name, $agent_contact);
 				}
-				unset ($prep_statement, $sql, $bridge_statement);
+				unset($sql, $parameters, $bridge_statement);
 			}
 			echo "	<td valign='top' class='".$row_style[$c]."'>".$agent_contact."&nbsp;</td>\n";
 			echo "	<td valign='top' class='".$row_style[$c]."'>".escape($row['agent_max_no_answer'])."&nbsp;</td>\n";
@@ -193,7 +165,7 @@
 			echo "</tr>\n";
 			if ($c==0) { $c=1; } else { $c=0; }
 		} //end foreach
-		unset($sql, $result, $row_count);
+		unset($result);
 	} //end if results
 
 	echo "<tr>\n";

app/call_centers/call_center_queue_delete.php

@@ -42,52 +42,58 @@
 	$language = new text;
 	$text = $language->get();
 
-//get the id
-	if (count($_GET) > 0) {
-		$id = check_str($_GET["id"]);
-	}
-
 //delete the data
-	if (strlen($id) > 0) {
+	if (is_uuid($_GET["id"])) {
+		$call_center_queue_uuid = $_GET["id"];
 
 		//get the dialplan uuid
 			$sql = "select * from v_call_center_queues ";
-			$sql .= "where domain_uuid = '$domain_uuid' ";
-			$sql .= "and call_center_queue_uuid = '$id' ";
-			$prep_statement = $db->prepare($sql);
-			$prep_statement->execute();
-			while($row = $prep_statement->fetch(PDO::FETCH_ASSOC)) {
+			$sql .= "where domain_uuid = :domain_uuid ";
+			$sql .= "and call_center_queue_uuid = :call_center_queue_uuid ";
+			$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+			$parameters['call_center_queue_uuid'] = $call_center_queue_uuid;
+			$database = new database;
+			$row = $database->select($sql, $parameters, 'row');
+			if (is_array($row) && sizeof($row) != 0) {
 				$queue_name = $row['queue_name'];
 				$dialplan_uuid = $row['dialplan_uuid'];
 			}
+			unset($sql, $parameters, $row);
 
 		//delete the tier from the database
-			$sql = "delete from v_call_center_tiers ";
-			$sql .= "where domain_uuid = '$domain_uuid' ";
-			$sql .= "and (call_center_queue_uuid = '$id' or queue_name = '".$queue_name."@".$_SESSION['domain_name']."') ";
-			$db->query($sql);
-			unset($sql);
+			$array['call_center_tiers'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+			$array['call_center_tiers'][0]['call_center_queue_uuid'] = $call_center_queue_uuid;
+			$array['call_center_tiers'][1]['domain_uuid'] = $_SESSION['domain_uuid'];
+			$array['call_center_tiers'][1]['queue_name'] = $queue_name."@".$_SESSION['domain_name'];
 
 		//delete the call center queue
-			$sql = "delete from v_call_center_queues ";
-			$sql .= "where domain_uuid = '$domain_uuid' ";
-			$sql .= "and call_center_queue_uuid = '$id' ";
-			$db->query($sql);
-			unset($sql);
+			$array['call_center_queues'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+			$array['call_center_queues'][0]['call_center_queue_uuid'] = $call_center_queue_uuid;
 
 		//delete the dialplan entry
-			$sql = "delete from v_dialplans ";
-			$sql .= "where domain_uuid = '$domain_uuid' ";
-			$sql .= "and dialplan_uuid = '$dialplan_uuid' ";
-			$db->query($sql);
-			unset($sql);
+			$array['dialplans'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+			$array['dialplans'][0]['dialplan_uuid'] = $dialplan_uuid;
 
 		//delete the dialplan details
-			$sql = "delete from v_dialplan_details ";
-			$sql .= "where domain_uuid = '$domain_uuid' ";
-			$sql .= "and dialplan_uuid = '$dialplan_uuid' ";
-			$db->query($sql);
-			unset($sql);
+			$array['dialplan_details'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+			$array['dialplan_details'][0]['dialplan_uuid'] = $dialplan_uuid;
+
+		//execute
+			$p = new permissions;
+			$p->add('call_center_tier_delete', 'temp');
+			$p->add('dialplan_delete', 'temp');
+			$p->add('dialplan_detail_delete', 'temp');
+
+			$database = new database;
+			$database->app_name = 'call_centers';
+			$database->app_uuid = '95788e50-9500-079e-2807-fd530b0ea370';
+			$database->delete($array);
+			$response = $database->message;
+			unset($array);
+
+			$p->delete('call_center_tier_delete', 'temp');
+			$p->delete('dialplan_delete', 'temp');
+			$p->delete('dialplan_detail_delete', 'temp');
 
 		//clear the cache
 			$cache = new cache;
@@ -100,10 +106,12 @@
 
 		//apply settings reminder
 			$_SESSION["reload_xml"] = true;
+
+		//set message
+			message::add($text['message-delete']);
 	}
 
 //redirect the browser
-	message::add($text['message-delete']);
 	header("Location: call_center_queues.php");
 	return;
 

app/call_centers/call_center_queue_edit.php

@@ -44,9 +44,9 @@
 	$text = $language->get();
 
 //action add or update
-	if (isset($_REQUEST["id"])) {
+	if (is_uuid($_REQUEST["id"])) {
 		$action = "update";
-		$call_center_queue_uuid = check_str($_REQUEST["id"]);
+		$call_center_queue_uuid = $_REQUEST["id"];
 	}
 	else {
 		$action = "add";
@@ -55,15 +55,13 @@
 //get total call center queues count from the database, check limit, if defined
 	if ($action == 'add') {
 		if ($_SESSION['limit']['call_center_queues']['numeric'] != '') {
-			$sql = "select count(*) as num_rows from v_call_center_queues ";
-			$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-			$prep_statement = $db->prepare($sql);
-			if ($prep_statement) {
-				$prep_statement->execute();
-				$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
-				$total_call_center_queues = $row['num_rows'];
-			}
-			unset($prep_statement, $row);
+			$sql = "select count(*) from v_call_center_queues ";
+			$sql .= "where domain_uuid = :domain_uuid ";
+			$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+			$database = new database;
+			$total_call_center_queues = $database->select($sql, $parameters, 'column');
+			unset($sql, $parameters);
+
 			if ($total_call_center_queues >= $_SESSION['limit']['call_center_queues']['numeric']) {
 				message::add($text['message-maximum_queues'].' '.$_SESSION['limit']['call_center_queues']['numeric'], 'negative');
 				header('Location: call_center_queues.php');
@@ -75,30 +73,30 @@
 //get http post variables and set them to php variables
 	if (is_array($_POST)) {
 		//get the post variables a run a security chack on them
-			//$domain_uuid = check_str($_POST["domain_uuid"]);
-			$dialplan_uuid = check_str($_POST["dialplan_uuid"]);
-			$queue_name = check_str($_POST["queue_name"]);
-			$queue_extension = check_str($_POST["queue_extension"]);
-			$queue_greeting = check_str($_POST["queue_greeting"]);
-			$queue_strategy = check_str($_POST["queue_strategy"]);
-			$queue_moh_sound = check_str($_POST["queue_moh_sound"]);
-			$queue_record_template = check_str($_POST["queue_record_template"]);
-			$queue_time_base_score = check_str($_POST["queue_time_base_score"]);
-			$queue_max_wait_time = check_str($_POST["queue_max_wait_time"]);
-			$queue_max_wait_time_with_no_agent = check_str($_POST["queue_max_wait_time_with_no_agent"]);
-			$queue_max_wait_time_with_no_agent_time_reached = check_str($_POST["queue_max_wait_time_with_no_agent_time_reached"]);
-			$queue_tier_rules_apply = check_str($_POST["queue_tier_rules_apply"]);
-			$queue_tier_rule_wait_second = check_str($_POST["queue_tier_rule_wait_second"]);
-			$queue_tier_rule_wait_multiply_level = check_str($_POST["queue_tier_rule_wait_multiply_level"]);
-			$queue_tier_rule_no_agent_no_wait = check_str($_POST["queue_tier_rule_no_agent_no_wait"]);
-			$queue_timeout_action = check_str($_POST["queue_timeout_action"]);
-			$queue_discard_abandoned_after = check_str($_POST["queue_discard_abandoned_after"]);
-			$queue_abandoned_resume_allowed = check_str($_POST["queue_abandoned_resume_allowed"]);
-			$queue_cid_prefix = check_str($_POST["queue_cid_prefix"]);
-			$queue_announce_sound = check_str($_POST["queue_announce_sound"]);
-			$queue_announce_frequency = check_str($_POST["queue_announce_frequency"]);
-			$queue_cc_exit_keys = check_str($_POST["queue_cc_exit_keys"]);
-			$queue_description = check_str($_POST["queue_description"]);
+			//$domain_uuid = $_POST["domain_uuid"];
+			$dialplan_uuid = $_POST["dialplan_uuid"];
+			$queue_name = $_POST["queue_name"];
+			$queue_extension = $_POST["queue_extension"];
+			$queue_greeting = $_POST["queue_greeting"];
+			$queue_strategy = $_POST["queue_strategy"];
+			$queue_moh_sound = $_POST["queue_moh_sound"];
+			$queue_record_template = $_POST["queue_record_template"];
+			$queue_time_base_score = $_POST["queue_time_base_score"];
+			$queue_max_wait_time = $_POST["queue_max_wait_time"];
+			$queue_max_wait_time_with_no_agent = $_POST["queue_max_wait_time_with_no_agent"];
+			$queue_max_wait_time_with_no_agent_time_reached = $_POST["queue_max_wait_time_with_no_agent_time_reached"];
+			$queue_tier_rules_apply = $_POST["queue_tier_rules_apply"];
+			$queue_tier_rule_wait_second = $_POST["queue_tier_rule_wait_second"];
+			$queue_tier_rule_wait_multiply_level = $_POST["queue_tier_rule_wait_multiply_level"];
+			$queue_tier_rule_no_agent_no_wait = $_POST["queue_tier_rule_no_agent_no_wait"];
+			$queue_timeout_action = $_POST["queue_timeout_action"];
+			$queue_discard_abandoned_after = $_POST["queue_discard_abandoned_after"];
+			$queue_abandoned_resume_allowed = $_POST["queue_abandoned_resume_allowed"];
+			$queue_cid_prefix = $_POST["queue_cid_prefix"];
+			$queue_announce_sound = $_POST["queue_announce_sound"];
+			$queue_announce_frequency = $_POST["queue_announce_frequency"];
+			$queue_cc_exit_keys = $_POST["queue_cc_exit_keys"];
+			$queue_description = $_POST["queue_description"];
 
 		//remove invalid characters
 			$queue_cid_prefix = str_replace(":", "-", $queue_cid_prefix);
@@ -111,23 +109,25 @@
 //delete the tier (agent from the queue)
 	if ($_REQUEST["a"] == "delete" && strlen($_REQUEST["id"]) > 0 && permission_exists("call_center_tier_delete")) {
 		//set the variables
-			$call_center_queue_uuid = check_str($_REQUEST["id"]);
-			$call_center_tier_uuid = check_str($_REQUEST["call_center_tier_uuid"]);
+			$call_center_queue_uuid = $_REQUEST["id"];
+			$call_center_tier_uuid = $_REQUEST["call_center_tier_uuid"];
 		//get the agent details
 			$sql = "select agent_name, queue_name, call_center_agent_uuid, call_center_queue_uuid ";
 			$sql .= "from v_call_center_tiers ";
-			$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-			$sql .= "and call_center_tier_uuid = '".$call_center_tier_uuid."' ";
-			$prep_statement = $db->prepare(check_sql($sql));
-			$prep_statement->execute();
-			$tiers = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-			if (is_array($tiers)) {
+			$sql .= "where domain_uuid = :domain_uuid ";
+			$sql .= "and call_center_tier_uuid = :call_center_tier_uuid ";
+			$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+			$parameters['call_center_tier_uuid'] = $call_center_tier_uuid;
+			$database = new database;
+			$tiers = $database->select($sql, $parameters, 'all');
+			unset($sql, $parameters);
+
+			if (is_array($tiers) && sizeof($tiers) != 0) {
 				foreach ($tiers as &$row) {
 					$call_center_agent_uuid = $row["call_center_agent_uuid"];
 					$call_center_queue_uuid = $row["call_center_queue_uuid"];
 				}
 			}
-			unset ($prep_statement);
 		//delete the agent from freeswitch
 			//setup the event socket connection
 			$fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']);
@@ -139,10 +139,19 @@
 			}
 		//delete the tier from the database
 			if (strlen($call_center_tier_uuid) > 0) {
-				$sql = "delete from v_call_center_tiers where domain_uuid = '".$_SESSION['domain_uuid']."' and call_center_tier_uuid = '".$call_center_tier_uuid."'";
-				$prep_statement = $db->prepare(check_sql($sql));
-				$prep_statement->execute();
-				unset($sql);
+				$array['call_center_tiers'][0]['call_center_tier_uuid'] = $call_center_tier_uuid;
+				$array['call_center_tiers'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+
+				$p = new permissions;
+				$p->add('call_center_tier_delete', 'temp');
+
+				$database = new database;
+				$database->app_name = 'call_centers';
+				$database->app_uuid = '95788e50-9500-079e-2807-fd530b0ea370';
+				$database->delete($array);
+				unset($array);
+
+				$p->delete('call_center_tier_delete', 'temp');
 			}
 	}
 
@@ -151,7 +160,7 @@
 
 		//get the uuid from the POST
 			if ($action == "update") {
-				$call_center_queue_uuid = check_str($_POST["call_center_queue_uuid"]);
+				$call_center_queue_uuid = $_POST["call_center_queue_uuid"];
 			}
 	
 		//check for all required data
@@ -313,9 +322,9 @@
 			remove_config_from_cache('configuration:callcenter.conf');
 
 		//add agent/tier to queue
-			$agent_name = check_str($_POST["agent_name"]);
-			$tier_level = check_str($_POST["tier_level"]);
-			$tier_position = check_str($_POST["tier_position"]);
+			$agent_name = $_POST["agent_name"];
+			$tier_level = $_POST["tier_level"];
+			$tier_position = $_POST["tier_position"];
 
 			if ($agent_name != '') {
 				//setup the event socket connection
@@ -362,11 +371,14 @@
 	if (is_array($_GET) && is_uuid($_GET["id"]) && $_POST["persistformvar"] != "true") {
 		$call_center_queue_uuid = $_GET["id"];
 		$sql = "select * from v_call_center_queues ";
-		$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-		$sql .= "and call_center_queue_uuid = '$call_center_queue_uuid' ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		$call_center_queues = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+		$sql .= "where domain_uuid = :domain_uuid ";
+		$sql .= "and call_center_queue_uuid = :call_center_queue_uuid ";
+		$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+		$parameters['call_center_queue_uuid'] = $call_center_queue_uuid;
+		$database = new database;
+		$call_center_queues = $database->select($sql, $parameters, 'all');
+		unset($sql, $parameters);
+
 		if (is_array($call_center_queues)) {
 			foreach ($call_center_queues as &$row) {
 				$queue_name = $row["queue_name"];
@@ -395,19 +407,20 @@
 				$queue_description = $row["queue_description"];
 			}
 		}
-		unset ($prep_statement);
 	}
 
 //get the tiers
 	$sql = "select t.call_center_tier_uuid, t.call_center_agent_uuid, t.call_center_queue_uuid, t.tier_level, t.tier_position, a.agent_name ";
 	$sql .= "from v_call_center_tiers as t, v_call_center_agents as a ";
-	$sql .= "where t.call_center_queue_uuid = '".$call_center_queue_uuid."' ";
+	$sql .= "where t.call_center_queue_uuid = :call_center_queue_uuid ";
 	$sql .= "and t.call_center_agent_uuid = a.call_center_agent_uuid ";
-	$sql .= "and t.domain_uuid = '".$_SESSION['domain_uuid']."' ";
+	$sql .= "and t.domain_uuid = :domain_uuid ";
 	$sql .= "order by tier_level asc, tier_position asc, a.agent_name asc";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$tiers = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+	$parameters['call_center_queue_uuid'] = $call_center_queue_uuid;
+	$database = new database;
+	$tiers = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 
 //add an empty row to the tiers array
 	if (count($tiers) == 0) {
@@ -430,13 +443,14 @@
 
 //get the agents
 	$sql = "select call_center_agent_uuid, agent_name from v_call_center_agents ";
-	$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
+	$sql .= "where domain_uuid = :domain_uuid ";
 	$sql .= "order by agent_name asc";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$agents = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+	$database = new database;
+	$agents = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 
-//get the sounds
+	//get the sounds
 	$sounds = new sounds;
 	$sounds = $sounds->get();
 
@@ -674,7 +688,7 @@
 			$assigned_agents[] = $field['agent_name'];
 			$x++;
 		}
-		unset ($prep_statement, $sql, $tiers);
+		unset ($tiers);
 		echo "		</table>\n";
 		echo "		<br>\n";
 		echo "		".$text['description-tiers']."\n";

app/call_centers/call_center_queues.php

@@ -48,24 +48,9 @@
 	require_once "resources/paging.php";
 
 //get http variables and set as php variables
-	$order_by = $_GET["order_by"];
+	$order_by = $_GET["order_by"] != '' ? $_GET["order_by"] : 'queue_name';
 	$order = $_GET["order"];
 
-//validate order by
-	if (strlen($order_by) > 0) {
-		$order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by);
-	}
-
-//validate the order
-	switch ($order) {
-		case 'asc':
-			break;
-		case 'desc':
-			break;
-		default:
-			$order = '';
-	}
-
 //show the content
 	echo "<table width='100%' cellpadding='0' cellspacing='0' border='0'>\n";
 	echo "<tr>\n";
@@ -85,24 +70,15 @@
 	echo "</tr></table>\n";
 
 	//get total call center queues count from the database
-		$sql = "select count(*) as num_rows from v_call_center_queues where domain_uuid = :domain_uuid ";
-		$database = new database;
+		$sql = "select count(*) from v_call_center_queues ";
+		$sql .= "where domain_uuid = :domain_uuid ";
 		$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
-		$row = $database->select($sql, $parameters, 'all');
-		$total_call_center_queues = $row['num_rows'];
-
-	//prepare to page the results (reuse $sql from above)
-		if (strlen($order_by) == 0) {
-			$order_by = 'queue_name';
-			$order = 'asc';
-		}
-		else {
-			$sql .= "order by $order_by $order ";
-		}
 		$database = new database;
-		$result = $database->select($sql, $parameters, 'all');
-		$num_rows = $database->select($sql, $parameters, 'column');
-		
+		$total_call_center_queues = $database->select($sql, $parameters, 'column');
+		unset($sql, $parameters);
+
+	//prepare to page the results
+		$num_rows = $total_call_center_queues;
 		$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
 		$param = "";
 		$page = $_GET['page'];
@@ -112,18 +88,12 @@
 
 		$sql = "select * from v_call_center_queues ";
 		$sql .= "where domain_uuid = :domain_uuid ";
-		if (strlen($order_by) == 0) {
-			$order_by = 'queue_name';
-			$order = 'asc';
-		}
-		else {
-			$sql .= "order by $order_by $order ";
-		}
-		$sql .= " limit :rows_per_page offset :offset ";
+		$sql .= order_by($order_by, $order);
+		$sql .= limit_offset($rows_per_page, $offset);
+		$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
 		$database = new database;
-		$parameters['rows_per_page'] = $rows_per_page;
-		$parameters['offset'] = $offset;
 		$result = $database->select($sql, $parameters, 'all');
+		unset($sql, $parameters);
 		
 	$c = 0;
 	$row_style["0"] = "row_style0";

app/call_centers/call_center_tier_edit.php

@@ -39,20 +39,20 @@ else {
 	$text = $language->get();
 
 //set tier uuid
-	$call_center_tier_uuid = check_str($_REQUEST["id"]);
+	$call_center_tier_uuid = $_REQUEST["id"];
 
 //get http post variables and set them to php variables
 	if (count($_POST)>0) {
-		$agent_name = check_str($_POST["agent_name"]);
-		$queue_name = check_str($_POST["queue_name"]);
-		$tier_level = check_str($_POST["tier_level"]);
-		$tier_position = check_str($_POST["tier_position"]);
+		$agent_name = $_POST["agent_name"];
+		$queue_name = $_POST["queue_name"];
+		$tier_level = $_POST["tier_level"];
+		$tier_position = $_POST["tier_position"];
 	}
 
 if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 
 	$msg = '';
-	$call_center_tier_uuid = check_str($_POST["call_center_tier_uuid"]);
+	$call_center_tier_uuid = $_POST["call_center_tier_uuid"];
 
 	//check for all required data
 		//if (strlen($domain_uuid) == 0) { $msg .= $text['message-required']."domain_uuid<br>\n"; }
@@ -100,30 +100,35 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 			}
 
 	//update the database
-		$sql = "update v_call_center_tiers set ";
-		$sql .= "domain_uuid = '$domain_uuid', ";
-		$sql .= "agent_name = '$agent_name', ";
-		$sql .= "queue_name = '$queue_name', ";
-		$sql .= "tier_level = '$tier_level', ";
-		$sql .= "tier_position = '$tier_position' ";
-		$sql .= "where call_center_tier_uuid = '$call_center_tier_uuid'";
-		$db->exec(check_sql($sql));
-		unset($sql);
+		$array['call_center_tiers'][0]['call_center_tier_uuid'] = $call_center_tier_uuid;
+		$array['call_center_tiers'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+		$array['call_center_tiers'][0]['agent_name'] = $agent_name;
+		$array['call_center_tiers'][0]['queue_name'] = $queue_name;
+		$array['call_center_tiers'][0]['tier_level'] = $tier_level;
+		$array['call_center_tiers'][0]['tier_position'] = $tier_position;
+		$database = new database;
+		$database->app_name = 'call_centers';
+		$database->app_uuid = '95788e50-9500-079e-2807-fd530b0ea370';
+		$database->save($array);
+		unset($array);
 
 		//syncrhonize configuration
 			save_call_center_xml();
 			remove_config_from_cache('configuration:callcenter.conf');
 
 		//look up queue uuid by queue name (ugh)
-		$sql = "select call_center_queue_uuid from v_call_center_queues where queue_name = '".$queue_name."'";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-		foreach ($result as &$row) {
-			$queue_uuid = $row["call_center_queue_uuid"];
-			break;
+		$sql = "select call_center_queue_uuid from v_call_center_queues ";
+		$sql .= "where queue_name = :queue_name ";
+		$parameters['queue_name'] = $queue_name;
+		$database = new database;
+		$result = $database->select($sql, $parameters, 'all');
+		if (is_array($result) && sizeof($result) != 0) {
+			foreach ($result as &$row) {
+				$queue_uuid = $row["call_center_queue_uuid"];
+				break;
+			}
 		}
-		unset($prep_statement);
+		unset($sql, $parameters, $result, $row);
 
 		message::add($text['message-update']);
 		header("Location: call_center_queue_edit.php?id=".$queue_uuid);
@@ -134,19 +139,22 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 //pre-populate the form
 	if (count($_GET)>0 && $_POST["persistformvar"] != "true") {
 		$sql = "select * from v_call_center_tiers ";
-		$sql .= "where domain_uuid = '$domain_uuid' ";
-		$sql .= "and call_center_tier_uuid = '$call_center_tier_uuid' ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-		foreach ($result as &$row) {
-			$agent_name = $row["agent_name"];
-			$queue_name = $row["queue_name"];
-			$tier_level = $row["tier_level"];
-			$tier_position = $row["tier_position"];
-			break; //limit to 1 row
+		$sql .= "where domain_uuid = :domain_uuid ";
+		$sql .= "and call_center_tier_uuid = :call_center_tier_uuid ";
+		$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+		$parameters['call_center_tier_uuid'] = $call_center_tier_uuid;
+		$database = new database;
+		$result = $database->select($sql, $parameters, 'all');
+		if (is_array($result) && sizeof($result) != 0) {
+			foreach ($result as &$row) {
+				$agent_name = $row["agent_name"];
+				$queue_name = $row["queue_name"];
+				$tier_level = $row["tier_level"];
+				$tier_position = $row["tier_position"];
+				break; //limit to 1 row
+			}
 		}
-		unset ($prep_statement);
+		unset($sql, $parameters, $result, $row);
 	}
 
 
@@ -177,16 +185,17 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 	echo "<td class='vtable' align='left'>\n";
 
 	//---- Begin Select List --------------------
-	$sql = "SELECT * FROM v_users ";
-	$sql .= "where domain_uuid = '$domain_uuid' ";
+	$sql = "select * from v_users ";
+	$sql .= "where domain_uuid = :domain_uuid ";
 	$sql .= "and user_enabled = 'true' ";
 	$sql .= "order by username asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
+	$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+	$database = new database;
+	$result = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 
 	echo "<select id=\"agent_name\" name=\"agent_name\" class='formfld'>\n";
 	echo "<option value=\"\"></option>\n";
-	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
 	//$catcount = count($result);
 	foreach($result as $field) {
 		if ($field[username] == $agent_name) {
@@ -212,15 +221,16 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 	echo "<td class='vtable' align='left'>\n";
 
 	//---- Begin Select List --------------------
-	$sql = "SELECT * FROM v_call_center_queues ";
-	$sql .= "where domain_uuid = '$domain_uuid' ";
+	$sql = "select * from v_call_center_queues ";
+	$sql .= "where domain_uuid = :domain_uuid ";
 	$sql .= "order by queue_name asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
+	$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+	$database = new database;
+	$result = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 
 	echo "<select id=\"queue_name\" name=\"queue_name\" class='formfld'>\n";
 	echo "<option value=\"\"></option>\n";
-	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
 	//$catcount = count($result);
 	foreach($result as $field) {
 		if ($field[queue_name] == $queue_name) {