Index: trunk/cgi-bin/admin.cgi
===================================================================
--- trunk/cgi-bin/admin.cgi	(revision 547)
+++ trunk/cgi-bin/admin.cgi	(revision 548)
@@ -69,4 +69,8 @@
 }
 
+if(!defined($webvar{action})) {
+  $webvar{action} = "main";   #shuts up the warnings.
+}
+
 # handle DB error output
 if ($webvar{action} eq 'dberr') {
@@ -87,8 +91,4 @@
 
 my $header = HTML::Template->new(filename => "admin/header.tmpl");
-
-if(!defined($webvar{action})) {
-  $webvar{action} = "main";   #shuts up the warnings.
-}
 
 my $page;
@@ -567,5 +567,5 @@
 # List all IPs in a pool, and allow arbitrary admin changes to each
 # Allow changes to ALL fields
-sub showPool($) {
+sub showPool {
   my $pool = new NetAddr::IP $_[0];
 
@@ -582,6 +582,7 @@
   $page->param(typelist => \@typelist);
 
-  $sth = $ip_dbh->prepare("select ip,custid,city,type,available,description,notes from poolips where pool='$pool' order by ip");
-  $sth->execute;
+  $sth = $ip_dbh->prepare("SELECT ip,custid,city,type,available,description,notes from poolips".
+	" WHERE pool=? ORDER BY ip");
+  $sth->execute($pool);
   my @iplist;
   while (my ($ip,$custid,$city,$type,$avail,$desc,$notes) = $sth->fetchrow_array) {