All database names are now 'back-ticked' and constant _MYSQL_PREFIX is wrapped. Partl...

[mailer.git] / inc / modules / admin / what-add_points.php

diff --git a/inc/modules/admin/what-add_points.php b/inc/modules/admin/what-add_points.php
index 3232be3b56cd07499354588eff721aa88ca1444c..fafd094a5f99039cf7fe0c5c5174f04bad167c5d 100644 (file)
--- a/inc/modules/admin/what-add_points.php
+++ b/inc/modules/admin/what-add_points.php
@@ -47,7 +47,7 @@ if ($_GET['u_id'] == "all") {
        // Add points to all accounts
        if ((isset($_POST['ok'])) && ($_POST['points'] > 0)) {
                define('__POINTS_VALUE', $_POST['points']);
-               $result_main = SQL_QUERY("SELECT userid FROM `"._MYSQL_PREFIX."_user_data` WHERE status='CONFIRMED' ORDER BY userid", __FILE__, __LINE__);
+               $result_main = SQL_QUERY("SELECT userid FROM `{!MYSQL_PREFIX!}_user_data` WHERE status='CONFIRMED' ORDER BY userid", __FILE__, __LINE__);
                while (list($uid) = SQL_FETCHROW($result_main)) {
                        // Remove depth to prevent booking errors. This is a bad coding
                        // practice, thats also why we need to write this project from
@@ -79,7 +79,7 @@ if ($_GET['u_id'] == "all") {
        }
 } elseif (!empty($_GET['u_id'])) {
        // User ID found in URL so we use this give him some credits
-       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM `{!MYSQL_PREFIX!}_user_data` WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
                array(bigintval($_GET['u_id'])), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1) {
                // Selected user does exist