-if (defined('mxchange_installed') && (isBooleanConstantAndTrue('mxchange_installed')))
-{
- // Probe for referral ID
- if (!empty($_GET['refid'])) $GLOBALS['refid'] = bigintval($_GET['refid']);
-
- // Probe for nickname extension and if a nickname was supplied by URL
- $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($GLOBALS['refid'])."") != $GLOBALS['refid']));
- if ($probe_nickname)
- {
- // Nickname in URL, so load the ID
- $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' LIMIT 1",
- array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__);
- }
- else
- {
- // Direct userid entered
- $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
- array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__);
- }
+if (isBooleanConstantAndTrue('mxchange_installed')) {
+ // Probe for referal ID
+ if (!empty($_GET['refid'])) $GLOBALS['refid'] = SQL_ESCAPE($_GET['refid']);
+
+ // Only check this if refid is provided!
+ if ($GLOBALS['refid'] > 0) {
+ // Probe for nickname extension and if a nickname was supplied by URL
+ $probe_nickname = ((EXT_IS_ACTIVE("nickname")) && (("".round($GLOBALS['refid'])."") != $GLOBALS['refid']));
+
+ // Do we have nickname or userid set?
+ if ($probe_nickname) {
+ // Nickname in URL, so load the ID
+ $result = SQL_QUERY_ESC("SELECT userid, status FROM `{!_MYSQL_PREFIX!}_user_data` WHERE nickname='%s' LIMIT 1",
+ array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__);
+ } else {
+ // Direct userid entered
+ $result = SQL_QUERY_ESC("SELECT userid, status FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
+ array(bigintval($GLOBALS['refid'])), __FILE__, __LINE__);
+ }
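Review bot: The new guard `if ($GLOBALS['refid'] > 0)` compares the escaped string from the `SQL_ESCAPE($_GET['refid'])` assignment as a number, so whether a non-numeric nickname ever reaches the nickname branch depends on PHP's loose string-to-number comparison. The guard also reads `$GLOBALS['refid']` when `$_GET['refid']` was empty, and nothing in the visible lines initialises it; `if (!empty($GLOBALS['refid']))` would state the intent without the numeric comparison. The nickname branch still passes `bigintval($GLOBALS['refid'])` to the `nickname='%s'` query, which can never match a non-numeric nickname if bigintval() reduces its argument to digits, as its name suggests. `array($GLOBALS['refid'])` looks intended there, with the value left raw until SQL_QUERY_ESC (presumably) escapes it, so it is not escaped twice. Because the assignment no longer coerces to an integer, `$GLOBALS['refid']` is now a request-controlled string that is only safe inside a quoted SQL literal, so any later use in an unquoted SQL position or in HTML output needs its own integer cast or output encoding; the enclosing `if` blocks continue past the visible lines.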