Use bindParam instead of execute parameters

check.php

@@ -18,8 +18,9 @@ class Check {
         $history = $page->settings->table['history'];
 
         try {
-            $stmt = $page->conn->prepare("SELECT name,uuid FROM $history WHERE $column=? ORDER BY date LIMIT 1");
-            if ($stmt->execute(array($name))) {
+            $stmt = $page->conn->prepare("SELECT name,uuid FROM $history WHERE $column=:val ORDER BY date LIMIT 1");
+            $stmt->bindParam(':val', $name, PDO::PARAM_STR);
+            if ($stmt->execute()) {
                 if ($row = $stmt->fetch()) {
                     $name = $row['name'];
                     $uuid = $row['uuid'];

inc/page.php

@@ -270,8 +270,9 @@ class Page {
         $result = null;
         $history = $this->settings->table['history'];
 
-        $stmt = $this->conn->prepare("SELECT name FROM $history WHERE uuid=? ORDER BY date DESC LIMIT 1");
-        if ($stmt->execute(array($uuid)) && $row = $stmt->fetch()) {
+        $stmt = $this->conn->prepare("SELECT name FROM $history WHERE uuid=:uuid ORDER BY date DESC LIMIT 1");
+        $stmt->bindParam(":uuid", $uuid, PDO::PARAM_STR);
+        if ($stmt->execute() && $row = $stmt->fetch()) {
             $result = $row['name'];
         }
         $stmt->closeCursor();

info.php

@@ -129,11 +129,12 @@ $id = (int)$id;
 $type = $page->type;
 $table = $page->table;
 $sel = $page->get_selection($table);
-$query = "SELECT $sel FROM $table WHERE id=? LIMIT 1";
+$query = "SELECT $sel FROM $table WHERE id=:id LIMIT 1";
 
 $st = $page->conn->prepare($query);
+$st->bindParam(":id", $id, PDO::PARAM_INT);
 
-if ($st->execute(array($id))) {
+if ($st->execute()) {
     ($row = $st->fetch()) or die(str_replace("{type}", $type, $page->t("info.error.id.no-result")));
     $st->closeCursor();