diff --git a/main/blog/blog.php b/main/blog/blog.php
index 47332afaf4..a2b0a4a593 100644
--- a/main/blog/blog.php
+++ b/main/blog/blog.php
@@ -20,7 +20,6 @@ $this_section=SECTION_COURSES;
 // notice for unauthorized people.
 api_protect_course_script(true);
 
-
 //session
 if(isset($_GET['id_session'])) {
 	$_SESSION['id_session'] = intval($_GET['id_session']);
@@ -43,16 +42,15 @@ $current_page = $_GET['action'];
 	PROCESSING
 */
 
-$safe_post_title = Security::remove_XSS($_POST['post_title']);
-$safe_post_file_comment = Security::remove_XSS($_POST['post_file_comment']);
-$safe_post_full_text = Security::remove_XSS(stripslashes(api_html_entity_decode($_POST['post_full_text'])), COURSEMANAGERLOWSECURITY);
-$safe_comment_text = Security::remove_XSS(stripslashes(api_html_entity_decode($_POST['comment_text'])), COURSEMANAGERLOWSECURITY);
-$safe_comment_title = Security::remove_XSS($_POST['comment_title']);
-$safe_task_name = Security::remove_XSS($_POST['task_name']);
-$safe_task_description = Security::remove_XSS($_POST['task_description']);
+$safe_post_title            = Security::remove_XSS($_POST['post_title']);
+$safe_post_file_comment     = Security::remove_XSS($_POST['post_file_comment']);
+$safe_post_full_text        = Security::remove_XSS(stripslashes(api_html_entity_decode($_POST['post_full_text'])), COURSEMANAGERLOWSECURITY);
+$safe_comment_text          = Security::remove_XSS(stripslashes(api_html_entity_decode($_POST['comment_text'])), COURSEMANAGERLOWSECURITY);
+$safe_comment_title         = Security::remove_XSS($_POST['comment_title']);
+$safe_task_name             = Security::remove_XSS($_POST['task_name']);
+$safe_task_description      = Security::remove_XSS($_POST['task_description']);
 
-if (!empty($_POST['new_post_submit']) AND !empty($_POST['post_title']))
-{
+if (!empty($_POST['new_post_submit']) AND !empty($_POST['post_title'])) {
 	Blog :: create_post($safe_post_title, $safe_post_full_text, $safe_post_file_comment,$blog_id);
 	$return_message = array('type' => 'confirmation', 'message' => get_lang('BlogAdded'));
 }
@@ -352,6 +350,8 @@ if ($flag == '1')
 
 $user_task = false;
 
+$course_id = api_get_course_int_id();
+
 if (isset ($_GET['task_id']) && is_numeric($_GET['task_id'])) {
 	$task_id = (int)$_GET['task_id'];
 } else {
@@ -361,6 +361,7 @@ if (isset ($_GET['task_id']) && is_numeric($_GET['task_id'])) {
 	$sql = "SELECT COUNT(*) as number
 			FROM ".$tbl_blogs_tasks_rel_user."
 			WHERE
+			    c_id = $course_id AND
 				blog_id = ".$blog_id." AND
 				user_id = ".api_get_user_id()." AND
 				task_id = ".$task_id;
diff --git a/main/forum/iframe_thread.php b/main/forum/iframe_thread.php
old mode 100755
new mode 100644
index 215b6d981b..82b9168033
--- a/main/forum/iframe_thread.php
+++ b/main/forum/iframe_thread.php
@@ -85,6 +85,8 @@ if (!api_is_allowed_to_edit(false, true) AND ($current_forum['visibility'] == 0
     }
 }
 
+$course_id = api_get_course_int_id();
+
 /* Display Forum Category and the Forum information */
 
 // We are getting all the information about the current forum and forum category.
@@ -92,7 +94,9 @@ if (!api_is_allowed_to_edit(false, true) AND ($current_forum['visibility'] == 0
 // but the problem is that the visibility of the forum AND forum cateogory are stored in the item_property table.
 
 $sql = "SELECT * FROM $table_posts posts, $table_users users
-        WHERE posts.thread_id='".$current_thread['thread_id']."'
+        WHERE 
+        posts.c_id = $course_id AND 
+        posts.thread_id='".$current_thread['thread_id']."'
         AND posts.poster_id=users.user_id
         ORDER BY posts.post_id ASC";
 $result = Database::query($sql);
diff --git a/main/forum/viewforum.php b/main/forum/viewforum.php
index 3df1df97f9..293964e094 100644
--- a/main/forum/viewforum.php
+++ b/main/forum/viewforum.php
@@ -326,6 +326,8 @@ $threads = get_threads($my_forum); // Note: This has to be cleaned first.
 
 $whatsnew_post_info = isset($_SESSION['whatsnew_post_info']) ? $_SESSION['whatsnew_post_info'] : null;
 
+$course_id = api_get_course_int_id();
+
 $counter = 0;
 if (is_array($threads)) {
     foreach ($threads as $row) {
@@ -393,7 +395,7 @@ if (is_array($threads)) {
             $attachment_list = get_attachment($row['post_id']);
             $id_attach = !empty($attachment_list) ? $attachment_list['id'] : '';
 
-            $sql_post_id = "SELECT post_id FROM $table_posts WHERE post_title='".Database::escape_string($row['thread_title'])."'";
+            $sql_post_id = "SELECT post_id FROM $table_posts WHERE c_id = $course_id AND post_title='".Database::escape_string($row['thread_title'])."'";
             $result_post_id = Database::query($sql_post_id);
             $row_post_id = Database::fetch_array($result_post_id);
 
diff --git a/main/inc/ajax/lp.ajax.php b/main/inc/ajax/lp.ajax.php
index 7862705e06..dbf105114e 100644
--- a/main/inc/ajax/lp.ajax.php
+++ b/main/inc/ajax/lp.ajax.php
@@ -8,6 +8,8 @@ require_once '../global.inc.php';
 api_protect_course_script(true);
 $action = $_REQUEST['a'];
 
+$course_id = api_get_course_int_id(); 
+
 switch ($action) {    
     case 'update_lp_item_order':
         if (api_is_allowed_to_edit(null, true)) {
@@ -34,7 +36,7 @@ switch ($action) {
             	$params['previous_item_id']	= isset($new_array[$i-1]) &&  isset($new_array[$i-1]['id']) ? $new_array[$i-1]['id'] : 0;
             	$params['next_item_id']		= isset($new_array[$i+1]) &&  isset($new_array[$i+1]['id']) ? $new_array[$i+1]['id'] : 0;            	
             	$params['parent_item_id']	= $parent_id;            	
-            	Database::update($tbl_lp_item, $params, array('id = ? '=>intval($id)));
+            	Database::update($tbl_lp_item, $params, array('id = ? AND c_id = ? '=> array(intval($id), $course_id)));
                 $counter ++;                
             }
             Display::display_confirmation_message(get_lang('Saved'));
diff --git a/main/inc/lib/blog.lib.php b/main/inc/lib/blog.lib.php
index a5298c2372..ccf924e03c 100644
--- a/main/inc/lib/blog.lib.php
+++ b/main/inc/lib/blog.lib.php
@@ -25,13 +25,15 @@ class Blog {
 	 * @return String Blog Title
 	 */
 	public static function get_blog_title ($blog_id) {
+	    $course_id = api_get_course_int_id(); 
+        
 		if(is_numeric($blog_id)) {
 			// init
 			$tbl_blogs = Database::get_course_table(TABLE_BLOGS);
 
 			$sql = "SELECT blog_name
 					FROM " . $tbl_blogs . "
-					WHERE blog_id = " . intval($blog_id);
+					WHERE c_id = $course_id AND blog_id = " . intval($blog_id);
 
 			$result = Database::query($sql);
 			$blog = Database::fetch_array($result);
@@ -51,7 +53,8 @@ class Blog {
 	public static function get_blog_subtitle ($blog_id) {
 		// init
 		$tbl_blogs = Database::get_course_table(TABLE_BLOGS);
-		$sql = "SELECT blog_subtitle FROM $tbl_blogs WHERE blog_id ='".intval($blog_id)."'";
+          $course_id = api_get_course_int_id(); 
+		$sql = "SELECT blog_subtitle FROM $tbl_blogs WHERE c_id = $course_id AND blog_id ='".intval($blog_id)."'";
 		$result = Database::query($sql);
 		$blog = Database::fetch_array($result);
 		return stripslashes($blog['blog_subtitle']);
@@ -237,12 +240,12 @@ class Blog {
 		
 
 		if(!empty($_FILES['user_upload']['name'])) {
-			require_once('fileUpload.lib.php');
-			$upload_ok = process_uploaded_file($_FILES['user_upload']);
+			require_once 'fileUpload.lib.php';
+			$upload_ok = process_uploaded_file($_FILES['user_upload']);            
 			$has_attachment=true;
 		}
 
-		if($upload_ok) {
+		if ($upload_ok) {
 			// Table Definitions
 			$tbl_blogs_posts = Database::get_course_table(TABLE_BLOGS_POSTS);
 
@@ -264,12 +267,9 @@ class Blog {
 				// user's file name
 				$file_name =$_FILES['user_upload']['name'];
 
-				if (!filter_extension($new_file_name))
-				{
+				if (!filter_extension($new_file_name)) {
 					Display :: display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
-				}
-				else
-				{
+				} else {
 					$new_file_name = uniqid('');
 					$new_path=$updir.'/'.$new_file_name;
 					$result= @move_uploaded_file($_FILES['user_upload']['tmp_name'], $new_path);
@@ -280,8 +280,7 @@ class Blog {
 						$sql='INSERT INTO '.$blog_table_attachment.'(c_id, filename,comment, path, post_id,size, blog_id,comment_id) '.
 							 "VALUES ($course_id, '".Database::escape_string($file_name)."', '".Database::escape_string($comment)."', '".Database::escape_string($new_file_name)."' , '".$last_post_id."', '".intval($_FILES['user_upload']['size'])."',  '".$blog_id."', '0' )";
 						$result=Database::query($sql);
-						$message.=' / '.get_lang('AttachmentUpload');
-						exit;
+						$message.=' / '.get_lang('AttachmentUpload');						
 					}
 				}
 			}
@@ -1335,8 +1334,9 @@ class Blog {
 	 */
 	public static function display_task_list ($blog_id) {
 		global $charset;
-		if(api_is_allowed('BLOG_' . $blog_id, 'article_add'))
-		{
+        $course_id = api_get_course_int_id(); 
+        
+		if(api_is_allowed('BLOG_' . $blog_id, 'article_add')) {
 			// Init
 			$tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS);
 			$counter = 0;
@@ -1360,8 +1360,7 @@ class Blog {
 				"</tr>\n";
 
 
-			$sql = "
-				SELECT
+			$sql = " SELECT
 					blog_id,
 					task_id,
 					blog_id,
@@ -1370,10 +1369,8 @@ class Blog {
 					color,
 					system_task
 				FROM " . $tbl_blogs_tasks . "
-				WHERE blog_id = " . (int)$blog_id . "
-				ORDER BY
-					system_task,
-					title";
+				WHERE c_id = $course_id AND blog_id = " . (int)$blog_id . "
+				ORDER BY system_task, title";
 			$result = Database::query($sql);
 
 
@@ -1665,8 +1662,7 @@ class Blog {
 		$year	= date("Y");
 		global $MonthsLong;
 		
-		$course_id = api_get_course_int_id();
-		
+		$course_id = api_get_course_int_id();	
 
 		// Get users in this blog / make select list of it
 		$sql = "SELECT user.user_id, user.firstname, user.lastname FROM $tbl_users user
@@ -1693,10 +1689,8 @@ class Blog {
 				color,
 				system_task
 			FROM " . $tbl_blogs_tasks . "
-			WHERE blog_id = " . (int)$blog_id . "
-			ORDER BY
-				system_task,
-				title";
+			WHERE c_id = $course_id AND blog_id = " . (int)$blog_id . "
+			ORDER BY system_task, title";
 		$result = Database::query($sql);
 		$select_task_list = '<select name="task_task_id">';
 
@@ -1815,9 +1809,10 @@ class Blog {
 		$sql = "
 			SELECT target_date
 			FROM $tbl_blogs_tasks_rel_user
-			WHERE blog_id = '".(int)$blog_id."'
-			AND	user_id = '".(int)$user_id."'
-			AND	task_id = '".(int)$task_id."'";
+			WHERE c_id = $course_id AND 
+			      blog_id = '".(int)$blog_id."' AND	
+			      user_id = '".(int)$user_id."' AND	
+			      task_id = '".(int)$task_id."'";
 		$result = Database::query($sql);
 		$row = Database::fetch_assoc($result);
 
@@ -1849,7 +1844,7 @@ class Blog {
 				color,
 				system_task
 			FROM " . $tbl_blogs_tasks . "
-			WHERE blog_id = " . (int)$blog_id . "
+			WHERE c_id = $course_id AND blog_id = " . (int)$blog_id . "
 			ORDER BY system_task, title";
 		$result = Database::query($sql);
 
@@ -1948,7 +1943,8 @@ class Blog {
 		$sql = "
 			SELECT COUNT(*) as 'number'
 			FROM " . $tbl_blogs_tasks_rel_user . "
-			WHERE blog_id = " . (int)$blog_id . "
+			WHERE c_id = $course_id AND 
+			blog_id = " . (int)$blog_id . "
 			AND	user_id = " . (int)$user_id . "
 			AND	task_id = " . (int)$task_id . "
 		";
@@ -1985,6 +1981,7 @@ class Blog {
 		$sql = "SELECT COUNT(*) as 'number'
 			FROM " . $tbl_blogs_tasks_rel_user . "
 			WHERE
+			    c_id = $course_id AND
 				blog_id = " . (int)$blog_id . " AND
 				user_id = " . (int)$user_id . " AND
 				task_id = " . (int)$task_id . "
@@ -2802,25 +2799,23 @@ function get_blog_attachment($blog_id, $post_id=null,$comment_id=null)
 	$post_id = Database::escape_string($post_id);
 	$row=array();
 	$where='';
-	if (!empty ($post_id) && is_numeric($post_id))
-	{
+	if (!empty ($post_id) && is_numeric($post_id)) {
 		$where.=' AND post_id ="'.$post_id.'" ';
 	}
 
-	if (!empty ($comment_id) && is_numeric($comment_id) )
-	{
-		if (!empty ($post_id) )
-		{
+	if (!empty ($comment_id) && is_numeric($comment_id)) {
+		if (!empty ($post_id)) {
 			$where.= ' AND ';
 		}
 		$where.=' comment_id ="'.$comment_id.'" ';
 	}
 
-	$sql = 'SELECT path, filename, comment FROM '. $blog_table_attachment.' WHERE blog_id ="'.intval($blog_id).'"  '.$where;
+    $course_id = api_get_course_int_id();
+
+	$sql = 'SELECT path, filename, comment FROM '. $blog_table_attachment.' WHERE c_id = '.$course_id.' AND blog_id ="'.intval($blog_id).'"  '.$where;
 
 	$result=Database::query($sql);
-	if (Database::num_rows($result)!=0)
-	{
+	if (Database::num_rows($result)!=0) {
 		$row=Database::fetch_array($result);
 	}
 	return $row;
@@ -2843,6 +2838,8 @@ function delete_all_blog_attachment($blog_id,$post_id=null,$comment_id=null)
 	$blog_id = Database::escape_string($blog_id);
 	$comment_id = Database::escape_string($comment_id);
 	$post_id = Database::escape_string($post_id);
+    
+    $course_id = api_get_course_int_id(); 
 
 	// delete files in DB
 	if (!empty ($post_id) && is_numeric($post_id) )
@@ -2864,7 +2861,7 @@ function delete_all_blog_attachment($blog_id,$post_id=null,$comment_id=null)
 	$sys_course_path = api_get_path(SYS_COURSE_PATH);
 	$updir = $sys_course_path.$courseDir;
 
-	$sql= 'SELECT path FROM '.$blog_table_attachment.' WHERE blog_id ="'.intval($blog_id).'"  '.$where;
+	$sql= 'SELECT path FROM '.$blog_table_attachment.' WHERE c_id = '.$course_id.' AND blog_id ="'.intval($blog_id).'"  '.$where;
 	$result=Database::query($sql);
 
 	while ($row=Database::fetch_row($result))
@@ -2875,7 +2872,7 @@ function delete_all_blog_attachment($blog_id,$post_id=null,$comment_id=null)
 			@ unlink($file);
 		}
 	}
-	$sql = 'DELETE FROM '. $blog_table_attachment.' WHERE blog_id ="'.intval($blog_id).'"  '.$where;
+	$sql = 'DELETE FROM '. $blog_table_attachment.' WHERE c_id = '.$course_id.' AND  blog_id ="'.intval($blog_id).'"  '.$where;
 	Database::query($sql);
 }
 /**
diff --git a/main/newscorm/aicc.class.php b/main/newscorm/aicc.class.php
index c95964bafa..689ecd179c 100644
--- a/main/newscorm/aicc.class.php
+++ b/main/newscorm/aicc.class.php
@@ -227,6 +227,8 @@ class aicc extends learnpath {
      * @return	bool	Returns -1 on error
      */
     function import_aicc($course_code) {
+        $course_id = api_get_course_int_id();
+        
         if ($this->debug > 0) { error_log('New LP - In aicc::import_aicc('.$course_code.')', 0); }
         // Get table names.
         $new_lp = 'lp';
@@ -237,9 +239,7 @@ class aicc extends learnpath {
         $res = Database::query($sql);
         if (Database::num_rows($res) < 1) { error_log('New LP - Database for '.$course_code.' not found '.__FILE__.' '.__LINE__, 0); return -1; }
         $row = Database::fetch_array($res);
-        
-        $course_id = api_get_course_int_id();
-        
+                
         $new_lp = Database::get_course_table(TABLE_LP_MAIN);
         $new_lp_item = Database::get_course_table(TABLE_LP_ITEM);
         $get_max = "SELECT MAX(display_order) FROM $new_lp WHERE c_id = $course_id";
diff --git a/main/newscorm/learnpath.class.php b/main/newscorm/learnpath.class.php
index a083e7b9a5..9f2461a248 100644
--- a/main/newscorm/learnpath.class.php
+++ b/main/newscorm/learnpath.class.php
@@ -437,9 +437,6 @@ class learnpath {
         $new_item_id = -1;
         $id = $this->escape_string($id);
         
-        $course_id = api_get_course_int_id();
-        
-        
         if ($type == 'quiz') {
             $sql = 'SELECT SUM(ponderation)
 					FROM ' . Database :: get_course_table(TABLE_QUIZ_QUESTION) . ' as quiz_question
@@ -454,7 +451,6 @@ class learnpath {
             $max_score = 100;
         }
         
-        
         if ($prerequisites != 0) {
             $sql_ins = "INSERT INTO " . $tbl_lp_item . " (
             					c_id, 
@@ -1000,7 +996,7 @@ class learnpath {
             error_log('New LP - learnpath::delete_item() - deleted ' . $num . ' children of element ' . $id, 0);
         }
         // Now delete the item.
-        $sql_del = "DELETE FROM $lp_item WHERE id = $id";
+        $sql_del = "DELETE FROM $lp_item WHERE c_id = $course_id AND id = $id";
         if ($this->debug > 2) {
             error_log('New LP - Deleting item: ' . $sql_del, 0);
         }
@@ -2925,8 +2921,6 @@ class learnpath {
         $lp_item_table 		= Database::get_course_table(TABLE_LP_ITEM);
         $lp_item_view_table = Database::get_course_table(TABLE_LP_ITEM_VIEW);
         $item_id 			= Database::escape_string($item_id);
-        
-        
 
         $sel = "SELECT l.lp_type as ltype, l.path as lpath, li.item_type as litype, li.path as lipath, li.parameters as liparams 
         		FROM $lp_table l, $lp_item_table li 
@@ -3001,7 +2995,8 @@ class learnpath {
                             if ($type_quiz) {
                                 $lp_item_id = Database :: escape_string($lp_item_id);
                                 $lp_view_id = Database :: escape_string($lp_view_id);
-                                $sql = "SELECT count(*) FROM $lp_item_view_table WHERE lp_item_id='" . (int) $lp_item_id . "' AND lp_view_id ='" . (int) $lp_view_id . "' AND status='completed'";
+                                $sql = "SELECT count(*) FROM $lp_item_view_table 
+                                        WHERE c_id = $course_id AND lp_item_id='" . (int) $lp_item_id . "' AND lp_view_id ='" . (int) $lp_view_id . "' AND status='completed'";
                                 $result = Database::query($sql);
                                 $row_count = Database :: fetch_row($result);
                                 $count_item_view = (int) $row_count[0];
@@ -3271,6 +3266,7 @@ class learnpath {
      * @return	integer	New display order, or false on error
      */
     public function move_item($id, $direction) {
+        $course_id = api_get_course_int_id(); 
         if ($this->debug > 0) {
             error_log('New LP - In learnpath::move_item(' . $id . ',' . $direction . ')', 0);
         }
@@ -3412,6 +3408,7 @@ class learnpath {
      * @param	integer	Learnpath ID
      */
     public function move_up($lp_id) {
+        $course_id = api_get_course_int_id();                        
         $lp_table = Database :: get_course_table(TABLE_LP_MAIN);
         $sql = "SELECT * FROM $lp_table WHERE c_id = ".$course_id." ORDER BY display_order";
         $res = Database::query($sql);
@@ -3452,6 +3449,7 @@ class learnpath {
      * @param	integer	Learnpath ID
      */
     public function move_down($lp_id) {
+        $course_id = api_get_course_int_id(); 
         $lp_table = Database :: get_course_table(TABLE_LP_MAIN);
         $sql = "SELECT * FROM $lp_table ORDER BY display_order";
         $res = Database::query($sql);
@@ -3845,6 +3843,8 @@ class learnpath {
         if ($this->debug > 0) {
             error_log('New LP - In learnpath::set_encoding()', 0);
         }
+        
+        $course_id = api_get_course_int_id();
 
         /* // Deprecated code (Chamilo 1.8.8).
         $enc = strtoupper($enc);
@@ -3900,6 +3900,8 @@ class learnpath {
             error_log('New LP - In learnpath::set_jslib()', 0);
         }
         $lp = $this->get_id();
+        $course_id = api_get_course_int_id();
+        
         if ($lp != 0) {
             $tbl_lp = Database :: get_course_table(TABLE_LP_MAIN);
             $sql = "UPDATE $tbl_lp SET js_lib = '$lib' WHERE c_id = ".$course_id." AND id = " . $lp;
@@ -3923,6 +3925,7 @@ class learnpath {
             return false;
         $this->maker = $this->escape_string($name);
         $lp_table = Database :: get_course_table(TABLE_LP_MAIN);
+        $course_id = api_get_course_int_id();
         $lp_id = $this->get_id();
         $sql = "UPDATE $lp_table SET content_maker = '" . $this->maker . "' WHERE c_id = ".$course_id." AND id = '$lp_id'";
         if ($this->debug > 2) {
@@ -3947,6 +3950,7 @@ class learnpath {
         $this->name = $this->escape_string($name);
         $lp_table = Database :: get_course_table(TABLE_LP_MAIN);
         $lp_id = $this->get_id();
+        $course_id = api_get_course_int_id();
         $sql = "UPDATE $lp_table SET name = '" . $this->name . "' WHERE c_id = ".$course_id." AND id = '$lp_id'";
         if ($this->debug > 2) {
             error_log('New LP - lp updated with new name : ' . $this->name, 0);
@@ -3970,6 +3974,7 @@ class learnpath {
      * @return  boolean False on error, true otherwise
      */
     public function set_terms_by_prefix($terms_string, $prefix) {
+        $course_id = api_get_course_int_id(); 
         if (api_get_setting('search_enabled') !== 'true')
             return false;
             
@@ -3995,7 +4000,7 @@ class learnpath {
         $items_table = Database :: get_course_table(TABLE_LP_ITEM);
         // TODO: Make query secure agains XSS : use member attr instead of post var.
         $lp_id = intval($_POST['lp_id']);
-        $sql = "SELECT * FROM $items_table WHERE lp_id = $lp_id"; 
+        $sql = "SELECT * FROM $items_table WHERE c_id = $course_id AND lp_id = $lp_id"; 
         $result = Database::query($sql);
         $di = new DokeosIndexer();
 
@@ -4048,6 +4053,7 @@ class learnpath {
      * @return   bool    Returns true if theme name is not empty
      */
     public function set_theme($name = '') {
+        $course_id = api_get_course_int_id();
         if ($this->debug > 0) {
             error_log('New LP - In learnpath::set_theme()', 0);
         }
@@ -4069,9 +4075,11 @@ class learnpath {
      * @return bool   Returns true if theme name is not empty
      */
     public function set_preview_image($name = '') {
+        $course_id = api_get_course_int_id();
         if ($this->debug > 0) {
             error_log('New LP - In learnpath::set_preview_image()', 0);
         }
+        
         $this->preview_image = $this->escape_string($name);
         $lp_table = Database :: get_course_table(TABLE_LP_MAIN);
         $lp_id = $this->get_id();
@@ -4089,6 +4097,7 @@ class learnpath {
      * @return   bool    Returns true if author's name is not empty
      */
     public function set_author($name = '') {
+        $course_id = api_get_course_int_id();
         if ($this->debug > 0) {
             error_log('New LP - In learnpath::set_author()', 0);
         }
@@ -4108,24 +4117,24 @@ class learnpath {
 	* @return   bool    Returns true if author's name is not empty
 	*/
 	public function set_hide_toc_frame($hide) {
+	    $course_id = api_get_course_int_id();
 		if ($this->debug > 0) {
 			error_log('New LP - In learnpath::set_hide_toc_frame()', 0);
 		}
-    if (intval($hide) == $hide){
-      $this->hide_toc_frame = $hide;
-      $lp_table = Database :: get_course_table(TABLE_LP_MAIN);
-      $lp_id = $this->get_id();
-      $sql = "UPDATE $lp_table SET hide_toc_frame = '" . $this->hide_toc_frame . "' 
-              WHERE c_id = ".$course_id." AND id = '$lp_id'";
-      if ($this->debug > 2) {
-        error_log('New LP - lp updated with new preview hide_toc_frame : ' . $this->author, 0);
-      }
-      $res = Database::query($sql);
-      return true;
-    }
-    else {
-      return false;
-    }
+        if (intval($hide) == $hide){
+            $this->hide_toc_frame = $hide;
+            $lp_table = Database :: get_course_table(TABLE_LP_MAIN);
+            $lp_id = $this->get_id();
+            $sql = "UPDATE $lp_table SET hide_toc_frame = '" . $this->hide_toc_frame . "' 
+            WHERE c_id = ".$course_id." AND id = '$lp_id'";
+            if ($this->debug > 2) {
+                error_log('New LP - lp updated with new preview hide_toc_frame : ' . $this->author, 0);
+            }
+            $res = Database::query($sql);
+            return true;  
+        } else {
+            return false;
+        }
     }
 
     /**
@@ -4134,6 +4143,7 @@ class learnpath {
      * @return 	bool 	returns true if prerequisite is not empty
      */
     public function set_prerequisite($prerequisite) {
+        $course_id = api_get_course_int_id();
         if ($this->debug > 0) {
             error_log('New LP - In learnpath::set_prerequisite()', 0);
         }
@@ -4155,6 +4165,7 @@ class learnpath {
      * @return  boolean True on success / False on error
      */
     public function set_proximity($name = '') {
+        $course_id = api_get_course_int_id();
         if ($this->debug > 0) {
             error_log('New LP - In learnpath::set_proximity()', 0);
         }
@@ -4191,6 +4202,7 @@ class learnpath {
      * @return  boolean True on success / False on error
      */
     public function set_use_max_score($use_max_score = 1) {
+        $course_id = api_get_course_int_id();
         if ($this->debug > 0) {
             error_log('New LP - In learnpath::set_use_max_score()', 0);
         }        
@@ -4213,6 +4225,7 @@ class learnpath {
      * @return   bool    Returns true if author's name is not empty
      */
     public function set_expired_on($expired_on) {
+        $course_id = api_get_course_int_id();
         if ($this->debug > 0) {
             error_log('New LP - In learnpath::set_expired_on()', 0);
         }
@@ -4239,6 +4252,7 @@ class learnpath {
      * @return   bool    Returns true if author's name is not empty
      */
     public function set_publicated_on($publicated_on) {
+        $course_id = api_get_course_int_id();
         if ($this->debug > 0) {
             error_log('New LP - In learnpath::set_expired_on()', 0);
         }
@@ -4391,6 +4405,7 @@ class learnpath {
      * @return	string The current default view mode ('fullscreen' or 'embedded')
      */
     public function update_default_view_mode() {
+        $course_id = api_get_course_int_id();
         if ($this->debug > 0) {
             error_log('New LP - In learnpath::update_default_view_mode()', 0);
         }
@@ -4424,6 +4439,7 @@ class learnpath {
      * @return	boolean	True if auto-commit has been set to 'on', false otherwise
      */
     public function update_default_scorm_commit() {
+        $course_id = api_get_course_int_id();
         if ($this->debug > 0) {
             error_log('New LP - In learnpath::update_default_scorm_commit()', 0);
         }
@@ -4457,8 +4473,8 @@ class learnpath {
      * @return	bool	True on success, false on failure
      */
     public function update_display_order() {
+        $course_id = api_get_course_int_id();        
         $lp_table = Database :: get_course_table(TABLE_LP_MAIN);
-        $course_id = api_get_course_int_id();
         
         $sql = "SELECT * FROM $lp_table WHERE c_id = ".$course_id." ORDER BY display_order";
         $res = Database::query($sql);
@@ -4488,6 +4504,7 @@ class learnpath {
      * @return	boolean	True if prevent_reinit has been set to 'on', false otherwise (or 1 or 0 in this case)
      */
     public function update_reinit() {
+        $course_id = api_get_course_int_id();                
         if ($this->debug > 0) {
             error_log('New LP - In learnpath::update_reinit()', 0);
         }
@@ -4547,7 +4564,8 @@ class learnpath {
    * @author ndiechburg <noel@cblue.be>
    **/
   public function set_attempt_mode($mode) {
-    switch ($mode) {
+        $course_id = api_get_course_int_id();
+        switch ($mode) {
     case 'seriousgame' : 
       $sg_mode = 1;
       $prevent_reinit = 1;
@@ -4584,28 +4602,27 @@ class learnpath {
    * @return boolean
    * @author ndiechburg <noel@cblue.be>
    **/
-  public function switch_attempt_mode()
-  {
-    if ($this->debug > 0) {
-      error_log('New LP - In learnpath::switch_attempt_mode()', 0);
-    }
-    $mode = $this->get_attempt_mode();
-    switch ($mode) {
-    case 'single' :
-      $next_mode = 'multiple';
-      break;
-    case 'multiple' :
-      $next_mode = 'seriousgame';
-      break;
-    case 'seriousgame' :
-      $next_mode = 'single';
-      break;
-    default : 
-      $next_mode = 'single';
-      break;
+    public function switch_attempt_mode() {
+        if ($this->debug > 0) {
+          error_log('New LP - In learnpath::switch_attempt_mode()', 0);
+        }
+        $mode = $this->get_attempt_mode();
+        switch ($mode) {
+        case 'single' :
+          $next_mode = 'multiple';
+          break;
+        case 'multiple' :
+          $next_mode = 'seriousgame';
+          break;
+        case 'seriousgame' :
+          $next_mode = 'single';
+          break;
+        default : 
+          $next_mode = 'single';
+          break;
+        }
+        $this->set_attempt_mode($next_mode);
     }
-    $this->set_attempt_mode($next_mode);
-  }
 
   /**
    * Swithc the lp in ktm mode. This is a special scorm mode with unique attempt but possibility to do again a completed item.
@@ -4613,8 +4630,8 @@ class learnpath {
    * @return boolean true if seriousgame_mode has been set to 1, false otherwise
    * @author ndiechburg <noel@cblue.be>
    **/
-  public function set_seriousgame_mode()
-  {
+    public function set_seriousgame_mode() {
+        $course_id = api_get_course_int_id();
 		if ($this->debug > 0) {
 			error_log('New LP - In learnpath::set_seriousgame_mode()', 0);
 		}
@@ -4646,6 +4663,7 @@ class learnpath {
      * @return	boolean	True if scorm_debug has been set to 'on', false otherwise (or 1 or 0 in this case)
      */
     public function update_scorm_debug() {
+        $course_id = api_get_course_int_id();
         if ($this->debug > 0) {
             error_log('New LP - In learnpath::update_scorm_debug()', 0);
         }
diff --git a/main/newscorm/learnpath_functions.inc.php b/main/newscorm/learnpath_functions.inc.php
index 14600ce001..4f3a0cc2e8 100644
--- a/main/newscorm/learnpath_functions.inc.php
+++ b/main/newscorm/learnpath_functions.inc.php
@@ -700,7 +700,7 @@ function is_prereq($learnpath_id) {
     $result_items = Database::query($sql_items);
     while ($ar = Database::fetch_array($result_items)) {
         $c = $ar['id'];
-        $sql_items2 = "SELECT * FROM $tbl_lp_item WHERE lp_id = $learnpath_id AND parent_item_id='$c' ORDER BY display_order ASC";
+        $sql_items2 = "SELECT * FROM $tbl_lp_item WHERE c_id = $course_id AND lp_id = $learnpath_id AND parent_item_id='$c' ORDER BY display_order ASC";
         $result_items2 = Database::query($sql_items2);
         while ($ar2 = Database::fetch_array($result_items2)) {
             if ($ar2['prerequisite'] != '') {
diff --git a/main/newscorm/lp_add.php b/main/newscorm/lp_add.php
index fd0190f7f9..fe5609a7fa 100644
--- a/main/newscorm/lp_add.php
+++ b/main/newscorm/lp_add.php
@@ -86,7 +86,8 @@ if ((!$is_allowed_to_edit) || ($isStudentView)) {
 }
 // From here on, we are admin because of the previous condition, so don't check anymore.
 
-$sql_query = "SELECT * FROM $tbl_lp WHERE id = $learnpath_id";
+$course_id = api_get_course_int_id();
+$sql_query = "SELECT * FROM $tbl_lp WHERE c_id = $course_id AND id = $learnpath_id";
 $result = Database::query($sql_query);
 $therow = Database::fetch_array($result);
 
diff --git a/main/newscorm/lp_add_item.php b/main/newscorm/lp_add_item.php
old mode 100755
new mode 100644
index bd90cf4e26..3f3ff64dea
--- a/main/newscorm/lp_add_item.php
+++ b/main/newscorm/lp_add_item.php
@@ -157,8 +157,9 @@ if ((!$is_allowed_to_edit) || ($isStudentView)) {
     exit;
 }
 // From here on, we are admin because of the previous condition, so don't check anymore.
+$course_id = api_get_course_int_id();
 
-$sql_query = "SELECT * FROM $tbl_lp WHERE id = $learnpath_id";
+$sql_query = "SELECT * FROM $tbl_lp WHERE c_id = $course_id AND id = $learnpath_id";
 $result = Database::query($sql_query);
 $therow = Database::fetch_array($result);
 
diff --git a/main/newscorm/lp_admin_view.php b/main/newscorm/lp_admin_view.php
old mode 100755
new mode 100644
index dd04edd92c..7f8f5c1278
--- a/main/newscorm/lp_admin_view.php
+++ b/main/newscorm/lp_admin_view.php
@@ -34,7 +34,7 @@ $language_file = "learnpath";
 
 $is_allowed_to_edit = api_is_allowed_to_edit(null, true);
 
-$tbl_lp = Database::get_course_table(TABLE_LP_MAIN);
+$tbl_lp      = Database::get_course_table(TABLE_LP_MAIN);
 $tbl_lp_item = Database::get_course_table(TABLE_LP_ITEM);
 $tbl_lp_view = Database::get_course_table(TABLE_LP_VIEW);
 
@@ -54,7 +54,9 @@ if ((!$is_allowed_to_edit) || ($isStudentView)) {
 }
 // From here on, we are admin because of the previous condition, so don't check anymore.
 
-$sql_query = "SELECT * FROM $tbl_lp WHERE id = $learnpath_id";
+$course_id = api_get_course_int_id(); 
+
+$sql_query = "SELECT * FROM $tbl_lp WHERE c_id = $course_id AND id = $learnpath_id";
 $result = Database::query($sql_query);
 $therow = Database::fetch_array($result);
 
@@ -242,7 +244,7 @@ if (isset($_POST['save_audio'])) {
         }
     }
     if (count($lp_items_to_remove_audio)>0) {
-        $sql 	= "UPDATE $tbl_lp_item SET audio = '' WHERE id IN (".$in.")";
+        $sql 	= "UPDATE $tbl_lp_item SET audio = '' WHERE c_id = $course_id AND id IN (".$in.")";
         $result = Database::query($sql);
     }           
 
@@ -296,7 +298,8 @@ if (isset($_POST['save_audio'])) {
 
             // Store the mp3 file in the lp_item table.
             $tbl_lp_item = Database::get_course_table(TABLE_LP_ITEM);
-            $sql_insert_audio = "UPDATE $tbl_lp_item SET audio = '".Database::escape_string($file)."' WHERE id = '".Database::escape_string($lp_item_id)."'";
+            $sql_insert_audio = "UPDATE $tbl_lp_item SET audio = '".Database::escape_string($file)."' 
+                                 WHERE c_id = $course_id AND id = '".Database::escape_string($lp_item_id)."'";
             Database::query($sql_insert_audio);
         }
     }
diff --git a/main/newscorm/lp_edit_item.php b/main/newscorm/lp_edit_item.php
old mode 100755
new mode 100644
index 095de9f912..febe7626fa
--- a/main/newscorm/lp_edit_item.php
+++ b/main/newscorm/lp_edit_item.php
@@ -74,7 +74,8 @@ if ((!$is_allowed_to_edit) || ($isStudentView)) {
 }
 // From here on, we are admin because of the previous condition, so don't check anymore.
 
-$sql_query = "SELECT * FROM $tbl_lp WHERE id = $learnpath_id";
+$course_id = api_get_course_int_id();
+$sql_query = "SELECT * FROM $tbl_lp WHERE c_id = $course_id AND id = $learnpath_id";
 $result = Database::query($sql_query);
 $therow = Database::fetch_array($result);
 
@@ -138,7 +139,7 @@ echo '<table cellpadding="0" cellspacing="0" class="lp_build">';
         $path_item = isset($_GET['path_item']) ? $_GET['path_item'] : 0;
         $path_item = Database::escape_string($path_item);
         $tbl_doc = Database :: get_course_table(TABLE_DOCUMENT);
-        $sql_doc = "SELECT path FROM " . $tbl_doc . " WHERE id = '". $path_item."' ";
+        $sql_doc = "SELECT path FROM " . $tbl_doc . " WHERE c_id = $course_id AND id = '". $path_item."' ";
         $res_doc = Database::query($sql_doc);
         $path_file = Database::result($res_doc, 0, 0);
         $path_parts = pathinfo($path_file);
diff --git a/main/newscorm/lp_move_item.php b/main/newscorm/lp_move_item.php
old mode 100755
new mode 100644
index 5e3c20e7cb..aa7c0412e2
--- a/main/newscorm/lp_move_item.php
+++ b/main/newscorm/lp_move_item.php
@@ -58,7 +58,7 @@ $_SESSION['oLP']->get_js_dropdown_array() .
 
 $is_allowed_to_edit = api_is_allowed_to_edit(null, true);
 
-$tbl_lp = Database::get_course_table(TABLE_LP_MAIN);
+$tbl_lp      = Database::get_course_table(TABLE_LP_MAIN);
 $tbl_lp_item = Database::get_course_table(TABLE_LP_ITEM);
 $tbl_lp_view = Database::get_course_table(TABLE_LP_VIEW);
 
@@ -91,7 +91,9 @@ if ((!$is_allowed_to_edit) || ($isStudentView)) {
 }
 // From here on, we are admin because of the previous condition, so don't check anymore.
 
-$sql_query = "SELECT * FROM $tbl_lp WHERE id = $learnpath_id";
+$course_id = api_get_course_int_id();
+$sql_query = "SELECT * FROM $tbl_lp WHERE c_id = $course_id AND id = $learnpath_id";
+
 $result = Database::query($sql_query);
 $therow = Database::fetch_array($result);
 
diff --git a/main/newscorm/lp_view_item.php b/main/newscorm/lp_view_item.php
old mode 100755
new mode 100644
index 2008b51d6e..2bb4c7c0ba
--- a/main/newscorm/lp_view_item.php
+++ b/main/newscorm/lp_view_item.php
@@ -95,7 +95,8 @@ if ((!$is_allowed_to_edit) || ($isStudentView)) {
 }
 // From here on, we are admin because of the previous condition, so don't check anymore.
 
-$sql_query = "SELECT * FROM $tbl_lp WHERE id = $learnpath_id";
+$course_id = api_get_course_int_id();
+$sql_query = "SELECT * FROM $tbl_lp WHERE c_id = $course_id AND id = $learnpath_id";
 $result=Database::query($sql_query);
 $therow=Database::fetch_array($result);
 
diff --git a/main/newscorm/resourcelinker.inc.php b/main/newscorm/resourcelinker.inc.php
index 3588d12ccf..e29035cc5b 100644
--- a/main/newscorm/resourcelinker.inc.php
+++ b/main/newscorm/resourcelinker.inc.php
@@ -1584,7 +1584,9 @@ function rl_get_resource_link_for_learnpath($course_code, $learnpath_id, $id_in_
     $learnpath_id 	= intval($learnpath_id);
     $id_in_path		= intval($id_in_path);
     
-    $sql_item = "SELECT * FROM $tbl_lp_item WHERE lp_id = $learnpath_id AND id = $id_in_path";
+    $course_id = $_course['real_id'];
+    
+    $sql_item = "SELECT * FROM $tbl_lp_item WHERE c_id = $course_id AND lp_id = $learnpath_id AND id = $id_in_path";
     $res_item = Database::query($sql_item);
     if (Database::num_rows($res_item) < 1) return -1; //exit
     $row_item = Database::fetch_array($res_item);
@@ -1607,16 +1609,16 @@ function rl_get_resource_link_for_learnpath($course_code, $learnpath_id, $id_in_
             $link .= $main_dir_path.'announcements/announcements.php?origin='.$origin.'&ann_id='.$id;
             break;
         case TOOL_LINK:
-            $TABLETOOLLINK = Database::get_course_table(TABLE_LINK,$_course['database']);
-            $result= Database::query("SELECT * FROM $TABLETOOLLINK WHERE id=$id");
+            $TABLETOOLLINK = Database::get_course_table(TABLE_LINK);
+            $result= Database::query("SELECT * FROM $TABLETOOLLINK WHERE c_id = $course_id AND id=$id");
             $myrow=Database::fetch_array($result);
             $thelink=$myrow["url"];
             $link .= $thelink;
             break;
         case TOOL_QUIZ:
             if (!empty($id)) {
-                $TBL_EXERCICES = Database::get_course_table(TABLE_QUIZ_TEST,$_course['database']);
-                $sql = "SELECT * FROM $TBL_EXERCICES WHERE id=$id";
+                $TBL_EXERCICES = Database::get_course_table(TABLE_QUIZ_TEST);
+                $sql = "SELECT * FROM $TBL_EXERCICES WHERE c_id = $course_id AND id=$id";
                 $result= Database::query($sql);
                 $myrow=Database::fetch_array($result);
 
@@ -1627,7 +1629,7 @@ function rl_get_resource_link_for_learnpath($course_code, $learnpath_id, $id_in_
             break;
         case 'hotpotatoes': //lowercase because of strtolower above
             $TBL_DOCUMENT = Database::get_course_table(TABLE_DOCUMENT);
-            $result = Database::query("SELECT * FROM ".$TBL_DOCUMENT." WHERE id=$id");
+            $result = Database::query("SELECT * FROM ".$TBL_DOCUMENT." WHERE c_id = $course_id AND  id=$id");
             $myrow = Database::fetch_array($result);
             $path = $myrow['path'];
             $link .= $main_dir_path.'exercice/showinframes.php?file='.$path.'' .
@@ -1638,9 +1640,9 @@ function rl_get_resource_link_for_learnpath($course_code, $learnpath_id, $id_in_
             $link .= $main_dir_path.'forum/viewforum.php?forum='.$id.'&lp=true&origin=learnpath';
             break;
         case TOOL_THREAD:  //forum post
-            $tbl_topics = Database::get_course_table(TABLE_FORUM_THREAD, $_course['database']);
+            $tbl_topics = Database::get_course_table(TABLE_FORUM_THREAD);
             if (!empty($id)) {
-                $sql = "SELECT * FROM $tbl_topics where thread_id=$id";
+                $sql = "SELECT * FROM $tbl_topics WHERE c_id = $course_id AND thread_id=$id";
                 $result = Database::query($sql);
                 $myrow = Database::fetch_array($result);
                 $link .= $main_dir_path.'forum/viewthread.php?origin=learnpath&thread='.$id.'' .
@@ -1648,8 +1650,8 @@ function rl_get_resource_link_for_learnpath($course_code, $learnpath_id, $id_in_
             }
             break;
         case TOOL_POST:
-            $tbl_post = Database::get_course_table(TABLE_FORUM_POST,$_course['database']);
-            $result = Database::query("SELECT * FROM $tbl_post where post_id=$id");
+            $tbl_post = Database::get_course_table(TABLE_FORUM_POST);
+            $result = Database::query("SELECT * FROM $tbl_post WHERE c_id = $course_id AND post_id=$id");
             $myrow = Database::fetch_array($result);
             $title = $myrow['post_title'];
             //$desc = $row_item['description'];
@@ -1664,8 +1666,8 @@ function rl_get_resource_link_for_learnpath($course_code, $learnpath_id, $id_in_
                     '&lp=true';
             break;
         case TOOL_DOCUMENT:
-            $tbl_doc = Database::get_course_table(TABLE_DOCUMENT,$_course['database']);
-            $sql = "SELECT * FROM $tbl_doc WHERE id=$id";
+            $tbl_doc = Database::get_course_table(TABLE_DOCUMENT);
+            $sql = "SELECT * FROM $tbl_doc WHERE c_id = $course_id AND id=$id";
             $result = Database::query($sql);
             $myrow = Database::fetch_array($result);
             $docurl = str_replace('%2F', '/', urlencode($myrow['path']));
@@ -1710,10 +1712,10 @@ function rl_get_resource_link_for_learnpath($course_code, $learnpath_id, $id_in_
  */
 function rl_get_resource_name($course_code, $learnpath_id, $id_in_path) {
     $_course = Database::get_course_info($course_code);
+    $course_id = $_course['real_id'];
     $tbl_lp_item = Database::get_course_table(TABLE_LP_ITEM);
 
-    $sql_item = "SELECT * FROM $tbl_lp_item " .
-            "WHERE lp_id = $learnpath_id AND id = $id_in_path";
+    $sql_item = "SELECT * FROM $tbl_lp_item WHERE c_id = $course_id AND lp_id = $learnpath_id AND id = $id_in_path";
     $res_item = Database::query($sql_item);
 
     if (Database::num_rows($res_item) < 1) {
@@ -1726,48 +1728,48 @@ function rl_get_resource_name($course_code, $learnpath_id, $id_in_path) {
 
     switch ($type) {
         case TOOL_CALENDAR_EVENT:
-            $TABLEAGENDA = Database::get_course_table(TABLE_AGENDA,$_course['database']);
-            $result = Database::query("SELECT * FROM $TABLEAGENDA WHERE id=$id");
+            $TABLEAGENDA = Database::get_course_table(TABLE_AGENDA);
+            $result = Database::query("SELECT * FROM $TABLEAGENDA WHERE c_id = $course_id AND id=$id");
             $myrow = Database::fetch_array($result);
             $output = $myrow['title'];
             break;
         case TOOL_ANNOUNCEMENT:
-            $tbl_announcement = Database::get_course_table(TABLE_ANNOUNCEMENT,$_course['database']);
-            $result = Database::query("SELECT * FROM $tbl_announcement WHERE id=$id");
+            $tbl_announcement = Database::get_course_table(TABLE_ANNOUNCEMENT);
+            $result = Database::query("SELECT * FROM $tbl_announcement WHERE c_id = $course_id AND id=$id");
             $myrow = Database::fetch_array($result);
             $output = $myrow['title'];
             break;
         case TOOL_LINK:
             // Doesn't take $target into account.
-            $TABLETOOLLINK = Database::get_course_table(TABLE_LINK,$_course['database']);
-            $result = Database::query("SELECT * FROM $TABLETOOLLINK WHERE id=$id");
+            $TABLETOOLLINK = Database::get_course_table(TABLE_LINK);
+            $result = Database::query("SELECT * FROM $TABLETOOLLINK WHERE c_id = $course_id AND id=$id");
             $myrow = Database::fetch_array($result);
             $output = $myrow['title'];
             break;
         case TOOL_QUIZ:
-            $TBL_EXERCICES = Database::get_course_table(TABLE_QUIZ_TEST,$_course['database']);
-            $result = Database::query("SELECT * FROM $TBL_EXERCICES WHERE id=$id");
+            $TBL_EXERCICES = Database::get_course_table(TABLE_QUIZ_TEST);
+            $result = Database::query("SELECT * FROM $TBL_EXERCICES WHERE c_id = $course_id AND id=$id");
             $myrow = Database::fetch_array($result);
             $output = $myrow['title'];
             break;
         case TOOL_FORUM:
-            $TBL_FORUMS = Database::get_course_table(TABLE_FORUM,$_course['database']);
-            $result = Database::query("SELECT * FROM $TBL_FORUMS WHERE forum_id=$id");
+            $TBL_FORUMS = Database::get_course_table(TABLE_FORUM);
+            $result = Database::query("SELECT * FROM $TBL_FORUMS WHERE c_id = $course_id AND forum_id=$id");
             $myrow = Database::fetch_array($result);
             $output = $myrow['forum_name'];
             break;
         case TOOL_THREAD:  //=topics
-            $tbl_post = Database::get_course_table(TABLE_FORUM_POST, $_course['database']);
+            $tbl_post = Database::get_course_table(TABLE_FORUM_POST);
             // Grabbing the title of the post.
-            $sql_title = "SELECT * FROM $tbl_post WHERE post_id=".$id;
+            $sql_title = "SELECT * FROM $tbl_post WHERE c_id = $course_id AND post_id=".$id;
             $result_title = Database::query($sql_title);
             $myrow_title = Database::fetch_array($result_title);
             $output = $myrow_title['post_title'];
             break;
         case TOOL_POST:
-            $tbl_post = Database::get_course_table(TABLE_FORUM_POST,$_course['database']);
+            $tbl_post = Database::get_course_table(TABLE_FORUM_POST);
             //$tbl_post_text = Database::get_course_table(FORUM_POST_TEXT_TABLE);
-            $sql = "SELECT * FROM $tbl_post p WHERE p.post_id = $id";
+            $sql = "SELECT * FROM $tbl_post p WHERE c_id = $course_id AND p.post_id = $id";
             $result = Database::query($sql);
             $post = Database::fetch_array($result);
             $output = $post['post_title'];
@@ -1789,8 +1791,8 @@ function rl_get_resource_name($course_code, $learnpath_id, $id_in_path) {
             }
             break;
         case 'hotpotatoes':
-            $tbl_doc = Database::get_course_table(TABLE_DOCUMENT, $_course['database']);
-            $result = Database::query("SELECT * FROM $tbl_doc WHERE id=$id");
+            $tbl_doc = Database::get_course_table(TABLE_DOCUMENT);
+            $result = Database::query("SELECT * FROM $tbl_doc WHERE c_id = $course_id AND id=$id");
             $myrow = Database::fetch_array($result);
             $pathname = explode('/', $myrow['path']); // Making a correct name for the link.
             $last = count($pathname) - 1;  // Making a correct name for the link.