More improved SQL queries

[mailer.git] / inc / modules / admin / what-add_points.php

diff --git a/inc/modules/admin/what-add_points.php b/inc/modules/admin/what-add_points.php
index 81ddb82b783bb272136241d19487f51fdca99be1..cf783511a82ca02ed4302b0bc630d2dba36fd39f 100644 (file)
--- a/inc/modules/admin/what-add_points.php
+++ b/inc/modules/admin/what-add_points.php
@@ -47,7 +47,7 @@ if ($_GET['u_id'] == "all") {
        // Add points to all accounts
        if ((isset($_POST['ok'])) && ($_POST['points'] > 0)) {
                define('__POINTS_VALUE', $_POST['points']);
-               $result_main = SQL_QUERY("SELECT userid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE status='CONFIRMED' ORDER BY userid", __FILE__, __LINE__);
+               $result_main = SQL_QUERY("SELECT userid FROM `{!_MYSQL_PREFIX!}_user_data` WHERE `status`='CONFIRMED' ORDER BY userid", __FILE__, __LINE__);
                while (list($uid) = SQL_FETCHROW($result_main)) {
                        // Remove depth to prevent booking errors. This is a bad coding
                        // practice, thats also why we need to write this project from
@@ -79,7 +79,7 @@ if ($_GET['u_id'] == "all") {
        }
 } elseif (!empty($_GET['u_id'])) {
        // User ID found in URL so we use this give him some credits
-       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s AND `status`='CONFIRMED' LIMIT 1",
                array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1) {
                // Selected user does exist