From 4f2ad67c3ec74108957946d2e87b695085378b6e Mon Sep 17 00:00:00 2001
From: Thomas Vincent <thomasvincent@gmail.com>
Date: Wed, 8 Apr 2026 21:46:56 -0700
Subject: [PATCH] fix(sql): migrate interpolated queries to prepared statements

Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>
---
 setup.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.php b/setup.php
index ca1af13..ec91a99 100644
--- a/setup.php
+++ b/setup.php
@@ -154,7 +154,7 @@ function audit_poller_bottom() {
 		$retention = read_config_option('audit_retention');
 
 		if ($retention > 0) {
-			db_execute('DELETE FROM audit_log WHERE event_time < FROM_UNIXTIME(' . (time() - ($retention * 86400)) . ')');
+			db_execute_prepared('DELETE FROM audit_log WHERE event_time < FROM_UNIXTIME(?)', array(time() - ($retention * 86400)));
 			$rows = db_affected_rows();
 			cacti_log('NOTE: Purged ' . $rows . ' Audit Log Records from Cacti', false, 'POLLER');
 		}