SET
`status`='CONFIRMED'
WHERE
- `id`='%s' AND
+ `id`=%s AND
`hash`='%s' AND
`status`='EMAIL'
LIMIT 1",
if (isFormSent()) {
// Check email
- $result = SQL_QUERY_ESC("SELECT `id`, `hash`, `remote_addr`, `gender`, `surname`, `family`, `sponsor_created`
-FROM `{?_MYSQL_PREFIX?}_sponsor_data`
-WHERE `email`='%s' AND `id`='%s' AND `status`='CONFIRMED' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT
+ `id`, `hash`, `remote_addr`, `gender`, `surname`, `family`, `sponsor_created`
+FROM
+ `{?_MYSQL_PREFIX?}_sponsor_data`
+WHERE
+ `email`='%s' AND
+ `id`=%s AND
+ `status`='CONFIRMED'
+LIMIT 1",
array(postRequestParameter('email'), bigintval(postRequestParameter('id'))), __FILE__, __LINE__);
// Entry found?
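Review bot: With the quotes dropped, `id`=%s in the new WHERE clause is an unquoted numeric context, so whatever string escaping SQL_QUERY_ESC applies no longer contains the value and the `bigintval()` cast is the only protection against injection. The argument here is visibly `bigintval(postRequestParameter('id'))`, which is sound only if bigintval() always returns a non-empty, digits-only value; its behaviour on missing or non-numeric input is not visible here, and an empty result would turn the statement into a syntax error. The same quote removal is made in the UPDATE hunk above, whose argument array is outside the visible lines, so confirm that its id is cast the same way. I would add a comment above the call such as `// id is unquoted in the query: it must stay wrapped in bigintval()`, and reject a missing or non-numeric id before querying. The enclosing `if (isFormSent())` block continues outside the hunk.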