* NOTE. This class should not be used directly. Use the
* "AddressBook" class instead.
*
- * $Id$
+ * @version $Id$
* @package squirrelmail
+ * @subpackage addressbook
*/
/** Needs the DB functions */
}
$query = sprintf("SELECT * FROM %s WHERE owner='%s' AND nickname='%s'",
- $this->table, $this->owner, $alias);
+ $this->table, $this->owner, $this->dbh->quoteString($alias));
$res = $this->dbh->query($query);
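Review bot: `$this->owner` is still interpolated unescaped between single quotes in the same sprintf() call, because the new line passes only `$alias` through quoteString(). If the owner value derives from the login name (not visible in this hunk), it should be escaped the same way: `$this->table, $this->dbh->quoteString($this->owner), $this->dbh->quoteString($alias));`. The `%s` for the table name sits outside any string delimiters, so quoteString() cannot protect it, and it should only ever come from administrator configuration. Any other queries in this class that are built with sprintf() deserve the same check. The enclosing function starts and ends outside the hunk, so the handling of `$res` on error could not be reviewed here.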