Fix SQL injections in ajax_table.php (#11920)

* Fix SQL injections via searchPhrase parameter

* Fix SQL injections via address parameter

* Fix sort injection

Co-authored-by: Tony Murray <murraytony@gmail.com>

includes/html/table/processor.inc.php

@@ -28,7 +28,9 @@ if (!Auth::user()->hasGlobalRead()) {
 
 $sql .= " WHERE $where";
 if (isset($searchPhrase) && !empty($searchPhrase)) {
-    $sql .= " AND (`hostname` LIKE '%$searchPhrase%' OR `processor_descr` LIKE '%$searchPhrase%')";
+    $sql .= " AND (`hostname` LIKE ? OR `processor_descr` LIKE ?)";
+    $param[] = "%$searchPhrase%";
+    $param[] = "%$searchPhrase%";
 }
 
 $count_sql = "SELECT COUNT(`processor_id`) $sql";