-// Let's check if there are some points left we can "pay"...
-$result = SQL_QUERY_ESC("SELECT userid, ".$USE." AS points, last_online FROM "._MYSQL_PREFIX."_user_data
-WHERE ".$USE." > 0 AND status='CONFIRMED'".$LAST."
-ORDER BY points DESC, last_online DESC, userid
-LIMIT %s",
- array($ONLINE, getConfig('bonus_ranks')), __FILE__, __LINE__);
+// Let's check if there are some points left we can 'pay'...
+$result = sqlQueryEscaped("SELECT
+ `userid`,
+ ".$pointsColumns." AS `points`,
+ `last_online`
+FROM
+ `{?_MYSQL_PREFIX?}_user_data`
+WHERE
+ " . $pointsColumns . " > 0 AND
+ `status`='CONFIRMED'
+ " . runFilterChain('user_exclusion_sql', ' ') . "
+ " . $lastOnline . "
+ORDER BY
+ `points` DESC,
+ `last_online` DESC,
+ `userid` ASC
+LIMIT {?bonus_ranks?}",
+ array(
+ $ONLINE
+ ), __FILE__, __LINE__);
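Review bot: Only `$ONLINE` is passed through the escaped parameter array in this call; `$pointsColumns` (spliced into both the SELECT list and the WHERE clause), `$lastOnline` and the return value of `runFilterChain('user_exclusion_sql', ' ')` are concatenated directly into the query text. Their assignments and the registered filters lie outside this hunk, so it cannot be confirmed here that they only ever hold fixed, code-defined SQL fragments; if any of them can be influenced by request data or editable settings, it should be checked against an allow-list of known column names or fragments before use. At minimum I would add a comment above the call, e.g. `// $pointsColumns, $lastOnline and the user_exclusion_sql filter output are inserted unescaped: they must be fixed SQL fragments, never request data`. The row limit also moved out of the parameter array (previously `getConfig('bonus_ranks')` bound to `LIMIT %s`) into the `{?bonus_ranks?}` template; whether that expansion still escapes or integer-casts the value is not visible here and is worth confirming.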