}
// Get referral ID from ref or refid variable
- if (!empty($_GET['ref'])) $ref = strip_tags(htmlentities($_GET['ref']));
+ if (!empty($_GET['ref'])) $ref = secureString($_GET['ref']);
elseif (!empty($_GET['refid'])) $ref = bigintval($_GET['refid']);
if (!empty($ref))
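Review bot: The `ref` branch on the added line now relies entirely on `secureString()` to clean a request value that, judging by the `SQL_FETCHROW` call further down, feeds a database lookup. Neither that helper's body nor the lookup query is visible in this hunk. If the helper only strips markup, as the `strip_tags(htmlentities(...))` call it replaces did, the string is still not safe to place in SQL, so the lookup should pass `$ref` to `SQL_QUERY_ESC` as a `%s` entry in its array argument rather than concatenating it. I would add a comment on the new line, for example `// secureString() cleans markup only; SQL escaping is left to SQL_QUERY_ESC in the lookup below`, adjusted once the helper's actual guarantees are confirmed. The enclosing block starts and ends outside this hunk.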
list($ref) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
}
+
// Also edit this 0 !
if (empty($ref)) $ref = "0";
$URL .= bigintval($ref);
// Update ref counter
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET ref_clicks=ref_clicks+1 WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET ref_clicks=ref_clicks+1 WHERE userid=%s LIMIT 1",
array(bigintval($ref)), __FILE__, __LINE__);
}
else
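Review bot: Changing the placeholder from `%d` to `%s` in the `UPDATE` drops the integer coercion the format string used to provide. `userid=%s` is now an unquoted value, so its safety rests on `bigintval()` returning digits only and on whatever escaping `SQL_QUERY_ESC` applies; neither function is visible here. If the switch is meant to keep large ids from being truncated, which is presumably the reason, document it next to the query, e.g. `// %s on purpose: bigintval() returns a digit-only string, %d would clip ids above PHP_INT_MAX`. Since `$ref` falls back to "0" a few lines earlier, the statement appears to run with `userid=0` as well, and it may be worth skipping the write in that case. The surrounding block continues outside the hunk.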