}
// List entries
- $result = SQL_QUERY("SELECT
+ $result = SQL_QUERY_ESC("SELECT
`userid`, `refid`, `points`, `timemark`
FROM
`{?_MYSQL_PREFIX?}_doubler`
WHERE
- `completed`='".$done."' AND `is_ref`='".$ref."'".$add."
+ `completed`='%s' AND `is_ref`='%s'" . $add . "
ORDER BY
- `timemark` ".$sort."
-LIMIT ".$limit, __FUNCTION__, __LINE__);
+ `timemark` %s
+LIMIT %s",
+ array(
+ $done,
+ $ref,
+ $sort,
+ $limit
+ ), __FUNCTION__, __LINE__);
if (SQL_NUMROWS($result) > 0) {
// List entries
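Review bot: The `%s` placeholders for the sort direction and `LIMIT` sit outside quotes, so string escaping of `$sort` and `$limit` does not constrain them the way it does for the quoted `completed` and `is_ref` values, and `$add` is still concatenated straight into the format string. Where these three values are built is not visible in the hunk, so this only matters if any of them can carry request data, but it is cheap to pin them down before the call, e.g. `$sort = (strtoupper($sort) == 'DESC') ? 'DESC' : 'ASC';` plus an integer check on `$limit` (or on each part, if it is an `offset, count` pair). If SQL_QUERY_ESC formats sprintf-style, which the `%s` markers suggest, a literal `%` inside `$add` would also be read as a format specifier, so extra conditions are better expressed as placeholders with matching array entries than appended to the string. The enclosing function starts and ends outside the hunk.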