X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=show_bonus.php;h=cc1ad2af634a1e3c2977d1e0bd5ed8a0aba3e386;hb=4a62dbba596613605d51574698c08c9070e46a72;hp=fe6b508a80bcf9d4ad3f11fe43cbb6d147fb8298;hpb=09f5758c42a33a56bdd461c946ffe759a59c54aa;p=mailer.git

diff --git a/show_bonus.php b/show_bonus.php
index fe6b508a80..cc1ad2af63 100644
--- a/show_bonus.php
+++ b/show_bonus.php
@@ -59,7 +59,7 @@ redirectOnUninstalledExtension('bonus');
 // Include header
 loadIncludeOnce('inc/header.php');
 
-if ((getRequestParameter('userid') > 0) && (getRequestParameter('d') > 0) && (isGetRequestParameterSet('t'))) {
+if ((isValidUserId(getRequestParameter('userid'))) && (getRequestParameter('d') > 0) && (isGetRequestParameterSet('t'))) {
 	// Set row name
 	$t = '';
 	switch (getRequestParameter('t')) {
@@ -79,15 +79,18 @@ if ((getRequestParameter('userid') > 0) && (getRequestParameter('d') > 0) && (is
 	// Valid type?
 	if (!empty($t)) {
 		// Check for data
-		$result = SQL_QUERY_ESC("SELECT d.gender, d.surname, d.family, b.level, b.points
+		$result = SQL_QUERY_ESC("SELECT
+	d.`gender`, d.`surname`, d.`family`, b.`level`, b.`points`
 FROM
 	`{?_MYSQL_PREFIX?}_user_data` AS d
-RIGHT JOIN
+INNER JOIN
 	`{?_MYSQL_PREFIX?}_bonus_turbo` AS b
 ON
-	d.userid=b.userid
+	d.`userid`=b.`userid`
 WHERE
-	d.`status`='CONFIRMED' AND d.userid=%s AND b.%s=%s
+	d.`status`='CONFIRMED' AND
+	d.`userid`=%s AND
+	b.`%s`=%s
 LIMIT 1",
 			array(
 				bigintval(getRequestParameter('userid')),
@@ -101,8 +104,7 @@ LIMIT 1",
 			$content = SQL_FETCHARRAY($result);
 
 			// Prepare constants for the pre-template
-			$content['gender'] = translateGender($content['gender']);
-			$content['points'] = translateComma($content['points']);
+			// @TODO No more needed? $content['points'] = translateComma($content['points']);
 			$content['mailid'] = bigintval(getRequestParameter('d'));
 			$content['rows']   = addBonusRanks(bigintval(getRequestParameter('d')), $t, bigintval(getRequestParameter('userid')));