ORDER BY
`timestamp` DESC";
-$WHO = getMessage('_ALL');
+$WHO = '{--_ALL--}';
$SQL2 = '';
if (isGetRequestParameterSet(('mid'))) {
// Only a specific mail shall be displayed
- $sql = "SELECT
+ $sql = sprintf("SELECT
`id`, `sender`, `subject`, `text`, `receivers`, `payment_id`, `data_type`, `timestamp`, `url`, `target_send`, `cat_id`
FROM
`{?_MYSQL_PREFIX?}_pool`
WHERE
- `id`='".bigintval(getRequestParameter('mid'))."'
-LIMIT 1";
- $WHO = getMessage('MAIL_ID') . ': ' . getRequestParameter('mid');
+ `id`=%s
+LIMIT 1",
+ bigintval(getRequestParameter('mid'))
+ );
+ $WHO = '{--MAIL_ID--}' . ': ' . getRequestParameter('mid');
} elseif (isGetRequestParameterSet('userid')) {
// All mails by a specific member shall be displayed
- $sql = "SELECT
+ $sql = sprintf("SELECT
`id`, `sender`, `subject`, `text`, `receivers`, `payment_id`, `data_type`, `timestamp`, `url`, `target_send`, `cat_id`
FROM
`{?_MYSQL_PREFIX?}_pool`
WHERE
- `sender`='".bigintval(getRequestParameter('userid'))."'
+ `sender`=%s
ORDER BY
- `timestamp` DESC";
- $WHO = getMessage('USER_ID') . ': ' . getRequestParameter('userid');
+ `timestamp` DESC",
+ bigintval(getRequestParameter('userid'))
+ );
+ $WHO = '{--USER_ID--}' . ': ' . getRequestParameter('userid');
}
// Init result_bonus