-foreach ($ACTIONS as $act)
-{
- $result_fix = SQL_QUERY("SELECT id FROM "._MYSQL_PREFIX."_admin_menu WHERE act='".$act."' AND what != '' AND what IS NOT NULL ORDER BY sort", __FILE__, __LINE__);
+foreach ($ACTIONS as $act) {
+ $result_fix = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admin_menu WHERE action='%s' AND what != '' AND what IS NOT NULL ORDER BY sort",
+ array($act), __FILE__, __LINE__);