if (!empty($_GET['u_id']))
{
// Check if the user already exists
- $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
while (list($cid, $cat) = SQL_FETCHROW($result_cats))
{
// Check user's selection
- $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%d AND cat_id=%d LIMIT 1",
+ $result_user = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_cats WHERE userid=%s AND cat_id=%s LIMIT 1",
array(bigintval($_GET['u_id']), bigintval($cid)), __FILE__, __LINE__);
// Set selection