if (isPostRequestParameterSet(('status'))) {
// Change status
if (postRequestParameter('active', $id) == 'Y') {
- $sql = "UPDATE `{?_MYSQL_PREFIX?}_themes` SET theme_active='N' WHERE `id`='".$id."' LIMIT 1";
+ $sql = "UPDATE `{?_MYSQL_PREFIX?}_themes` SET theme_active='N' WHERE `id`=" . bigintval($id) . " LIMIT 1";
} else {
- $sql = "UPDATE `{?_MYSQL_PREFIX?}_themes` SET theme_active='Y' WHERE `id`='".$id."' LIMIT 1";
+ $sql = "UPDATE `{?_MYSQL_PREFIX?}_themes` SET theme_active='Y' WHERE `id`=" . bigintval($id) . " LIMIT 1";
}
$OUT = getMessage('ADMIN_THEMES_UPDATED');
} elseif (isFormSent('del')) {
// Delete themes
- $sql = "DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_themes` WHERE `id`='".$id."' LIMIT 1";
+ $sql = "DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_themes` WHERE `id`=" . bigintval($id) . " LIMIT 1";
$OUT = getMessage('ADMIN_THEMES_DELETED');
}