$ret = true;
foreach ($array as $key => $value) {
// Check all fields that must register
- $result = SQL_QUERY("SELECT `id` FROM `{?_MYSQL_PREFIX?}_must_register` WHERE `field_name`='".$key."' AND `field_required`='Y' LIMIT 1",
- __FUNCTION__, __LINE__);
+ $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_must_register` WHERE `field_name`='%s' AND `field_required`='Y' LIMIT 1",
+ array($key), __FUNCTION__, __LINE__);
+
+ // Entry found?
if (SQL_NUMROWS($result) == 1) {
// Check if extension country is not found (you have to enter the 2-chars long country code) or
// if extensions is present check if country code was selected
// @TODO Wether the registration bonus should only be added to user directly or through referal system should be configurable
$result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_user_points` WHERE `userid`=%s AND `ref_depth`=0 LIMIT 1",
array($userid), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == '0') {
+ if (SQL_HASZERONUMS($result)) {
// Add only when the line was not found (maybe some more secure?)
$locked = 'points';