diff --git a/html/includes/graphs/atmvp/auth.inc.php b/html/includes/graphs/atmvp/auth.inc.php
index 37e641401c..b49dc234e4 100644
--- a/html/includes/graphs/atmvp/auth.inc.php
+++ b/html/includes/graphs/atmvp/auth.inc.php
@@ -2,11 +2,7 @@
 
 if ($_GET['id'] && is_numeric($_GET['id'])) { $atm_vp_id = $_GET['id']; }
 
-$sql =  "SELECT * FROM `juniAtmVp` as J, `ports` AS I, `devices` AS D";
-$sql .= " WHERE J.juniAtmVp_id = '".$atm_vp_id."' AND I.interface_id = J.interface_id AND I.device_id = D.device_id";
-
-$query = mysql_query($sql);
-$vp = mysql_fetch_assoc($query);
+$vp = dbFetchRow("SELECT * FROM `juniAtmVp` as J, `ports` AS I, `devices` AS D WHERE J.juniAtmVp_id = ? AND I.interface_id = J.interface_id AND I.device_id = D.device_id", array($atm_vp_id));
 
 if ($config['allow_unauth_graphs'] || port_permitted($vp['interface_id']))
 {
@@ -19,4 +15,4 @@ if ($config['allow_unauth_graphs'] || port_permitted($vp['interface_id']))
   $rrd_filename = $config['rrd_dir'] . "/" . $vp['hostname'] . "/" . safename("vp-" . $vp['ifIndex'] . "-".$vp['vp_id'].".rrd");
 }
 
-?>
\ No newline at end of file
+?>
diff --git a/html/pages/syslog.inc.php b/html/pages/syslog.inc.php
index 83ed4ea80c..0e93eaa35c 100644
--- a/html/pages/syslog.inc.php
+++ b/html/pages/syslog.inc.php
@@ -13,8 +13,7 @@
     <select name="program" id="program">
       <option value="">All Programs</option>
       <?php
-        $query = mysql_query("SELECT `program` FROM `syslog` GROUP BY `program` ORDER BY `program`");
-        while ($data = mysql_fetch_assoc($query))
+        foreach (dbFetchRows("SELECT `program` FROM `syslog` GROUP BY `program` ORDER BY `program`") as $data)
         {
           echo("<option value='".$data['program']."'");
 	  if ($data['program'] == $_POST['program']) { echo("selected"); }
@@ -28,8 +27,7 @@
     <select name="device" id="device">
       <option value="">All Devices</option>
       <?php
-        $query = mysql_query("SELECT * FROM `devices` ORDER BY `hostname`");
-        while ($data = mysql_fetch_assoc($query))
+        foreach (dbFetchRows("SELECT * FROM `devices` ORDER BY `hostname`") as $data)
         {
           echo("<option value='".$data['device_id']."'");
 
@@ -51,17 +49,20 @@ print_optionbar_end();
 
 if ($_POST['string'])
 {
-  $where = " AND S.msg LIKE '%".$_POST['string']."%'";
+  $where = " AND S.msg LIKE ?";
+  $array[] = "%".$_POST['string']."%";
 }
 
 if ($_POST['program'])
 {
-  $where .= " AND S.program = '".$_POST['program']."'";
+  $where .= " AND S.program = ?";
+  $array[] = $_POST['program'];
 }
 
 if ($_POST['device'])
 {
-  $where .= " AND D.device_id = '".$_POST['device']."'";
+  $where .= " AND D.device_id = ?";
+  $array[] = $_POST['device'];
 }
 
 if ($_SESSION['userlevel'] >= '5')
@@ -70,16 +71,16 @@ if ($_SESSION['userlevel'] >= '5')
           WHERE 1 $where ORDER BY timestamp DESC LIMIT 1000";
 } else {
   $sql = "SELECT *, DATE_FORMAT(timestamp, '%D %b %T') AS date from syslog AS S, devices_perms AS P
-          WHERE S.device_id = P.device_id AND P.user_id = " . $_SESSION['user_id'] . " $where ORDER BY timestamp DESC LIMIT 1000";
+          WHERE S.device_id = P.device_id AND P.user_id = ? $where ORDER BY timestamp DESC LIMIT 1000";
+  $array = array_merge(array($_SESSION['user_id']), $array);
 }
 
-$query = mysql_query($sql);
 echo("<table cellspacing=0 cellpadding=2 width=100%>");
-while ($entry = mysql_fetch_assoc($query))
+foreach (dbFetchRows($sql, $array) as $entry)
 {
   $entry = array_merge($entry, device_by_id_cache($entry['device_id']));
   include("includes/print-syslog.inc.php");
 }
 echo("</table>");
 
-?>
\ No newline at end of file
+?>