- $result = SQL_QUERY_ESC("SELECT subject, url FROM "._MYSQL_PREFIX."_pool WHERE id=%s AND sender=%s AND data_type='TEMP' LIMIT 1",
- array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("SELECT `subject`, `url` FROM `{?_MYSQL_PREFIX?}_pool` WHERE `id`=%s AND `sender`=%s AND `data_type`='TEMP' LIMIT 1",
+ array(bigintval(getRequestElement('order')), getUserId()), __FILE__, __LINE__);