From fb47d444a28f77a2812733fa7d665ea6d992f6fc Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?=
Date: Wed, 30 Jun 2010 22:35:56 +0000
Subject: [PATCH] New function makeDatabaseUserId() introduced which actually converts a zero userid into NULL to make it more suitable for SQL queries
---
 doubler.php | 8 ++++++--
 inc/functions.php | 15 +++++++++++++++
 inc/libs/online_functions.php | 4 ++--
 3 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/doubler.php b/doubler.php
index f8acd23ae9..635448e77b 100644
--- a/doubler.php
+++ b/doubler.php
@@ -102,7 +102,11 @@ if (isFormSent()) {
 // Enough points are left so let's continue with the doubling process
 // Create doubling "account" width *DOUBLED* points
 SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_doubler` (`userid`, `refid`, `points`, `remote_ip`, `timemark`, `completed`, `is_ref`) VALUES ('%s','%s','%s','".detectRemoteAddr()."', UNIX_TIMESTAMP(), 'N','N')",
- array(getUserData('userid'), determineReferalId(), bigintval(postRequestParameter('points') * 2)), __FILE__, __LINE__);
+ array(
+ getUserData('userid'),
+ makeDatabaseUserId(determineReferalId()),
+ bigintval(postRequestParameter('points') * 2)
+ ), __FILE__, __LINE__);
 // Subtract entered points
 subtractPoints('doubler', getUserData('userid'), postRequestParameter('points'));
@@ -117,7 +121,7 @@ if (isFormSent()) {
 // Okay add a refid line and apply refid percents
 SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_doubler` (`userid`, `refid`, `points`, `remote_ip`, `timemark`, `completed`, `is_ref`) VALUES ('%s',0,'%s','".detectRemoteAddr()."',UNIX_TIMESTAMP(),'N','Y')",
 array(
- determineReferalId(),
+ makeDatabaseUserId(determineReferalId()),
 bigintval(postRequestParameter('points') * 2 * getConfig('doubler_ref') / 100)
 ), __FILE__, __LINE__);
diff --git a/inc/functions.php b/inc/functions.php
index e1b5a9ca36..6327c0d6e3 100644
--- a/inc/functions.php
+++ b/inc/functions.php
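Review bot: The new `makeDatabaseUserId()` value still lands in a quoted `'%s'` placeholder (the second value of the `VALUES` list in this INSERT), so when `determineReferalId()` yields no valid user the query receives the string literal `'NULL'` rather than SQL `NULL` — presumably stored as 0 on an integer column, or rejected in strict mode, which is exactly the behaviour the commit set out to remove. The placeholder for that column should be unquoted, `VALUES ('%s',%s,'%s','".detectRemoteAddr()."', UNIX_TIMESTAMP(), 'N','N')"`, which is safe here because the helper only ever returns the output of `bigintval()` or the constant `NULL`. The second hunk of this file has the same problem in its first `'%s'` (the `userid` column). The two hunks in `inc/libs/online_functions.php` pass the same value into a query whose template lies outside the hunk, so its quoting should be checked as well.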
@@ -2367,6 +2367,21 @@ function handleFieldWithBraces ($field) {
 return $field;
 }
+// Converts a userid so it can be used in SQL queries
+function makeDatabaseUserId ($userid) {
+ // Is it a valid username?
+ if (isValidUserId($userid)) {
+ // Always secure it
+ $userid = bigintval($userid);
+ } else {
+ // Is not valid or zero
+ $userid = 'NULL';
+ }
+
+ // Return it
+ return $userid;
+}
+
 //////////////////////////////////////////////////
 // AUTOMATICALLY RE-GENERATED MISSING FUNCTIONS //
 //////////////////////////////////////////////////
diff --git a/inc/libs/online_functions.php b/inc/libs/online_functions.php
index 479976c181..14c8503b62 100644
--- a/inc/libs/online_functions.php
+++ b/inc/libs/online_functions.php
@@ -97,7 +97,7 @@ LIMIT 1",
 getAction(),
 getWhat(),
 $userid,
- determineReferalId(),
+ makeDatabaseUserId(determineReferalId()),
 $isMember,
 $isAdmin,
 detectRemoteAddr(),
@@ -111,7 +111,7 @@ LIMIT 1",
 getAction(),
 getWhat(),
 $userid,
- determineReferalId(),
+ makeDatabaseUserId(determineReferalId()),
 $isMember,
 $isAdmin,
 session_id(),
-- 
2.39.5
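Review bot: The header comment on `makeDatabaseUserId()` should state the contract its callers depend on: the function returns either the `bigintval()`-secured id or the bare string `NULL`, so the result is only correct when interpolated into an unquoted `%s` placeholder — inside `'%s'` it becomes the string literal `'NULL'`. Suggest `// Converts a userid into a value for an UNQUOTED SQL placeholder: the bigintval()-secured id, or the keyword NULL when the id is invalid or zero`. The inline comment `// Is it a valid username?` should read `// Is it a valid userid?`, since it is `isValidUserId()` that is consulted. Whether `isValidUserId()` rejects zero, as the else-branch comment assumes, is not visible in this hunk.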