if ((empty($POST['force'])) || (!IS_ADMIN())) $POST['force'] = 0;
// SQL and message string is empty by default
- $SQL = ""; $MSG = "";
+ $sql = ""; $MSG = "";
// Update?
if ($UPDATE) {
// Update his data
- $SQL = "UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET ";
+ $sql = "UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET ";
foreach ($DATA['keys'] as $k => $v) {
- $SQL .= $v."='%s', ";
+ $sql .= $v."='%s', ";
}
// Remove last ", " from SQL string
- $SQL = substr($SQL, 0, -2)." WHERE id='%s' LIMIT 1";
+ $sql = substr($sql, 0, -2)." WHERE id='%s' LIMIT 1";
$DATA['values'][] = bigintval(REQUEST_GET('id'));
// Generate message
$VALUES = str_repeat("%s', '", count($DATA['values']) - 1);
// Generate string
- $SQL = "INSERT INTO `{!_MYSQL_PREFIX!}_sponsor_data` (".$KEYS.") VALUES ('".$VALUES."%s')";
+ $sql = "INSERT INTO `{!_MYSQL_PREFIX!}_sponsor_data` (".$KEYS.") VALUES ('".$VALUES."%s')";
// Generate message
$MSG = SPONSOR_GET_MESSAGE(getMessage('ADMIN_SPONSOR_ADDED'), "added", $MSGs);
$ret = "already";
}
- if (!empty($SQL)) {
+ if (!empty($sql)) {
// Run SQL command
- $result = SQL_QUERY_ESC($SQL, $DATA['values'], __FUNCTION__, __LINE__);
+ $result = SQL_QUERY_ESC($sql, $DATA['values'], __FUNCTION__, __LINE__);
}
// Output message
$DATA = array();
// Prepare SQL string
- $SQL = "UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET";
+ $sql = "UPDATE `{!_MYSQL_PREFIX!}_sponsor_data` SET";
foreach ($POST as $key => $value) {
// Mmmmm, too less security here???
- $SQL .= " ".strip_tags($key)."='%s',";
+ $sql .= " ".strip_tags($key)."='%s',";
// We will secure this later inside the SQL_QUERY_ESC() function
$DATA[] = strip_tags($value);
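Review bot: The keys of `$POST` are concatenated into the UPDATE statement as column names after only `strip_tags()`, which removes markup but leaves SQL syntax untouched; the comment above that line already questions it. Going by the comment on the following line, `SQL_QUERY_ESC()` secures the `%s` values, so the identifier part is presumably never escaped. Check each key against a fixed list of editable columns before appending it, e.g. `if (!in_array($key, $allowedColumns, true)) continue;` (`$allowedColumns` is a placeholder name), and backtick-quote the accepted name. If `$DATA['keys']` and `$KEYS` in the earlier admin add/update hunks can also originate from the request, they need the same check. The `foreach` body continues outside this hunk.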
$EMAIL = true;
// Okay, has changed then add status with UNCONFIRMED and new hash code
- $SQL .= " `status`='EMAIL', hash='%s',";
+ $sql .= " `status`='EMAIL', hash='%s',";
// Generate hash code
$HASH = md5(session_id().":".$POST['email'].":".GET_REMOTE_ADDR().":".GET_USER_AGENT().":".time());
}
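Review bot: The hash on the `$HASH = md5(...)` line is derived from the session id, the submitted e-mail address, the remote address, the user agent and `time()`, all of which the requesting client knows or can closely estimate. If this hash is what gets mailed to confirm the new address, as the `status`='EMAIL' update and the comment suggest, it does not show that the recipient actually read the mail. Generate the token from a CSPRNG instead, for example `$HASH = bin2hex(random_bytes(16));` where the PHP version in use provides `random_bytes()`. The enclosing `if` starts outside this hunk, and how the hash is later compared is not visible here.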
// Remove last commata
- $SQL = substr($SQL, 0, -1);
+ $sql = substr($sql, 0, -1);
// Add SQL tail data
- $SQL .= " WHERE id='%s' AND password='%s' LIMIT 1";
+ $sql .= " WHERE id='%s' AND password='%s' LIMIT 1";
$DATA[] = bigintval(get_session('sponsorid'));
$DATA[] = get_session('sponsorpass');
if (SQL_AFFECTEDROWS() == 1) {
if (!empty($templ) && !empty($subj)) {
// Run SQL command and check for success
- $result = SQL_QUERY_ESC($SQL, $DATA, __FUNCTION__, __LINE__);
+ $result = SQL_QUERY_ESC($sql, $DATA, __FUNCTION__, __LINE__);
// Add all data to content
global $DATA;