-foreach ($ACTIONS as $act)
-{
- $result_fix = SQL_QUERY("SELECT id FROM "._MYSQL_PREFIX."_guest_menu WHERE act='".$act."' AND what != '' ORDER BY sort", __FILE__, __LINE__);
+foreach ($ACTIONS as $act) {
+ $result_fix = SQL_QUERY_ESC("SELECT id FROM `"._MYSQL_PREFIX."_guest_menu` WHERE action='%s' AND what != '' AND what IS NOT NULL ORDER BY sort",
+ array($act), __FILE__, __LINE__);