Bug 23093: (bug 22318 follow-up) Use placeholders in query moving OpacNavRight

Placeholders must be used (!) in all SQL queries.

Test plan:
1/ % git checkout 0c95e22afe # commit before bug 22318
2/ Edit the pref OpacNavRight with something with "
  just a " and more '
3/ git checkout master
4/ restart_all
5/ run updatedatabase.pl
=> Boom and the content of the pref has been lost
6/ Repeat 1 to 3
7/ Apply this patch
8/ run updatedatabase.pl
=> The pref has been correctly moved to opac_news

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

installer/data/mysql/updatedatabase.pl

@@ -18217,7 +18217,7 @@ if( CheckVersion( $DBversion ) ) {
     |);
     if( $OpacNavRight ){
         # If there is a value in the OpacNavRight preference, insert it into opac_news
-        $dbh->do("INSERT INTO opac_news (branchcode, lang, title, content ) VALUES (NULL, 'OpacNavRight_$langs[0]', '', '$OpacNavRight')");
+        $dbh->do("INSERT INTO opac_news (branchcode, lang, title, content ) VALUES (NULL, ?, '', ?)", undef, "OpacNavRight_$langs[0]", $OpacNavRight);
     }
     # Remove the OpacNavRight system preference
     $dbh->do("DELETE FROM systempreferences WHERE variable='OpacNavRight'");