-foreach ($ACTIONS as $act)
-{
- $result_fix = SQL_QUERY("SELECT id FROM "._MYSQL_PREFIX."_guest_menu WHERE act='".$act."' AND what != '' AND what IS NOT NULL ORDER BY sort", __FILE__, __LINE__);
+foreach ($ACTIONS as $act) {
+ $result_fix = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_guest_menu` WHERE action='%s' AND `what` != '' AND `what` IS NOT NULL ORDER BY `sort`",
+ array($act), __FILE__, __LINE__);