Even more fixes for SQL problems :-(

[mailer.git] / inc / libs / register_functions.php

diff --git a/inc/libs/register_functions.php b/inc/libs/register_functions.php
index d73f86568fe9d32b1e0f5aa40e7611e26cfb8d02..9218d5e93dcf422b14e147c7c123f29a95ae1063 100644 (file)
--- a/inc/libs/register_functions.php
+++ b/inc/libs/register_functions.php
@@ -48,8 +48,10 @@ function ifRequiredRegisterFieldsAreSet (&$array) {
        $ret = true;
        foreach ($array as $key => $value) {
                // Check all fields that must register
-               $result = SQL_QUERY("SELECT `id` FROM `{?_MYSQL_PREFIX?}_must_register` WHERE `field_name`='".$key."' AND `field_required`='Y' LIMIT 1",
-                       __FUNCTION__, __LINE__);
+               $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_must_register` WHERE `field_name`='%s' AND `field_required`='Y' LIMIT 1",
+                       array($key), __FUNCTION__, __LINE__);
+
+               // Entry found?
                if (SQL_NUMROWS($result) == 1) {
                        // Check if extension country is not found (you have to enter the 2-chars long country code) or
                        // if extensions is present check if country code was selected
@@ -355,7 +357,7 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF
                bigintval(postRequestParameter('refid')),
                $hash,
                detectRemoteAddr(),
-       ), __FILE__, __LINE__);
+       ), __FUNCTION__, __LINE__);
 
        // Get his userid
        $userid = bigintval(SQL_INSERTID());
@@ -380,7 +382,7 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF
        // @TODO Rewrite this whole if() block to addPointsThroughReferalSystem(). This will also make following if() block obsolete
        // @TODO Wether the registration bonus should only be added to user directly or through referal system should be configurable
        $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_user_points` WHERE `userid`=%s AND `ref_depth`=0 LIMIT 1",
-               array($userid), __FILE__, __LINE__);
+               array($userid), __FUNCTION__, __LINE__);
        if (SQL_HASZERONUMS($result)) {
                // Add only when the line was not found (maybe some more secure?)
                $locked = 'points';
@@ -389,7 +391,7 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF
                if (getConfig('ref_payout') > 0) $locked = 'locked_points';
 
                SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_user_points` (`userid`, `ref_depth`, `%s`) VALUES (%s,0,'{?points_register?}')",
-                       array($locked, $userid), __FILE__, __LINE__);
+                       array($locked, $userid), __FUNCTION__, __LINE__);
 
                // Update mediadata as well
                if ((isExtensionInstalledAndNewer('mediadata', '0.0.4')) && ($locked == 'points')) {
@@ -404,7 +406,7 @@ VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONF
                        if ($joined == 'Y') {
                                // Insert category entry
                                SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_user_cats` (`userid`, `cat_id`) VALUES (%s, %s)",
-                                       array($userid, bigintval($cat)), __FILE__, __LINE__);
+                                       array($userid, bigintval($cat)), __FUNCTION__, __LINE__);
                        } // END - if
                } // END - foreach
        } // END - if