if ((!empty($_POST['level'])) && ((!empty($_POST['points'])) || (!empty($_POST['info']))))
{
// Submitted data is valid, but maybe we already have this price level?
- $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d AND price_level='%s' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s AND price_level='%s' LIMIT 1",
array(bigintval($_GET['rallye']), bigintval($_POST['level'])), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 0)
// Delete selected entries
foreach ($_POST['sel'] as $id=>$sel)
{
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
}
$id = bigintval($id);
// Update entry
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_prices SET rallye_id=%d, price_level='%s', points='%s', info='%s' WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_rallye_prices SET rallye_id=%s, price_level='%s', points='%s', info='%s' WHERE id=%s LIMIT 1",
array($_POST['rallye_id'][$id], bigintval($level), $_POST['points'][$id], $_POST['infos'][$id], $id), __FILE__, __LINE__);
}
foreach ($_POST['sel'] as $id=>$sel)
{
// Load data to selected rallye
- $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($rallye, $level, $points, $infos) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
foreach ($_POST['sel'] as $id=>$sel)
{
// Load data to selected rallye
- $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($rallye, $level, $points, $infos) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
else
{
// A rallye was selected, so check if there are already prices assigned...
- $result = SQL_QUERY_ESC("SELECT id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%d ORDER BY price_level",
+ $result = SQL_QUERY_ESC("SELECT id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE rallye_id=%s ORDER BY price_level",
array(bigintval($_GET['rallye'])), __FILE__, __LINE__);
if (SQL_NUMROWS($result) > 0)