- if($is_default_profile) {
- $r = q("UPDATE `photo` SET `profile` = 0 WHERE `profile` = 1 AND `resource-id` != '%s' AND `uid` = %d",
- dbesc($base_image['resource-id']),
- intval(local_user())
- );
-
- $r = q("UPDATE `contact` SET `photo` = '%s', `thumb` = '%s', `micro` = '%s' WHERE `self` AND `uid` = %d",
- dbesc(System::baseUrl() . '/photo/' . $base_image['resource-id'] . '-4.' . $im->getExt()),
- dbesc(System::baseUrl() . '/photo/' . $base_image['resource-id'] . '-5.' . $im->getExt()),
- dbesc(System::baseUrl() . '/photo/' . $base_image['resource-id'] . '-6.' . $im->getExt()),
- intval(local_user())
+ if ($is_default_profile) {
+ q("UPDATE `photo` SET `profile` = 0 WHERE `profile` = 1 AND `resource-id` != '%s' AND `uid` = %d",
+ DBA::escape($base_image['resource-id']), intval(local_user())