$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
$MODE = "guest";
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
$MODE = "guest";
- $result = SQL_QUERY_ESC("SELECT subject, url FROM "._MYSQL_PREFIX."_pool WHERE id=%d AND sender=%d AND data_type='TEMP' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT subject, url FROM "._MYSQL_PREFIX."_pool WHERE id=%s AND sender=%s AND data_type='TEMP' LIMIT 1",
array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
// Finally is the entry valid?
array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
// Finally is the entry valid?
// Load subject and URL (but forwhat do we need the subject line here???
list($sub, $url) = SQL_FETCHROW($result);
// Load subject and URL (but forwhat do we need the subject line here???
list($sub, $url) = SQL_FETCHROW($result);