while (list($uid) = SQL_FETCHROW($result_main))
{
// User ID found in URL so we use this give him some credits
- $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
if ((isset($_POST['ok'])) && (!empty($_POST['points'])))
{
// Ok, add points and send an email to him...
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+(%s) WHERE userid=%d AND ref_depth=0 LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+(%s) WHERE userid=%s AND ref_depth=0 LIMIT 1",
array($_POST['points'], bigintval($uid)), __FILE__, __LINE__);
// Update mediadata as well
elseif (!empty($_GET['u_id']))
{
// User ID found in URL so we use this give him some credits
- $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d AND status='CONFIRMED' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
if ((isset($_POST['ok'])) && (!empty($_POST['points'])))
{
// Ok, add points and send an email to him...
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+(%s) WHERE userid=%d AND ref_depth=0 LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_points SET points=points+(%s) WHERE userid=%s AND ref_depth=0 LIMIT 1",
array($_POST['points'], bigintval($_GET['u_id'])), __FILE__, __LINE__);
// Remember points in constant