From 25b2fdfe928d69e4bea5dedd6170cccb6439724c Mon Sep 17 00:00:00 2001
From: Yannick Warnier <ywarnier@beeznest.org>
Date: Tue, 24 Oct 2023 17:37:12 +0200
Subject: [PATCH] Admin: Fix duplicate users page query - refs BT#21146

---
 main/inc/lib/statistics.lib.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/main/inc/lib/statistics.lib.php b/main/inc/lib/statistics.lib.php
index 235be76629..fa2e6a0192 100644
--- a/main/inc/lib/statistics.lib.php
+++ b/main/inc/lib/statistics.lib.php
@@ -1917,8 +1917,10 @@ class Statistics
         $usersInfo = [];
 
         while ($rowStat = Database::fetch_assoc($result)) {
+            $firstname = Database::escape_string($rowStat['firstname']);
+            $lastname = Database::escape_string($rowStat['lastname']);
             $subsql = "SELECT id, email, registration_date, status, active
-                FROM user WHERE firstname = '{$rowStat['firstname']}' AND lastname = '{$rowStat['lastname']}'"
+                FROM user WHERE firstname = '$firstname' AND lastname = '$lastname'"
             ;
 
             $subResult = Database::query($subsql);