if (isset($_POST['ok']))
{
// Make mail editable...
- $result = SQL_QUERY_ESC("SELECT subject, text, url FROM "._MYSQL_PREFIX."_pool WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT subject, text, url FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1",
array(bigintval($_POST['id'])), __FILE__, __LINE__);
list($subj, $text, $url) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
subject='%s',
text='%s',
url='%s'
-WHERE id=%d LIMIT 1",
+WHERE id=%s LIMIT 1",
array(
addslashes($_POST['subj']),
addslashes($_POST['text']),