// check if the photo exists and get the owner of the photo
$r = q("SELECT `uid` FROM `photo` WHERE `resource-id` = '%s' LIMIT 1",
- dbesc($photo),
+ DBA::escape($photo),
intval($resolution)
);
if (DBA::isResult($r)) {
// Now we'll see if we can access the photo
$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` <= %d $sql_extra ORDER BY scale DESC LIMIT 1",
- dbesc($photo),
+ DBA::escape($photo),
intval($resolution)
);
if (DBA::isResult($r)) {