if (!empty($_GET['pid']))
{
// First let's get the member's ID
- $result = SQL_QUERY_ESC("SELECT userid, target_account, payout_total, payout_timestamp, password FROM "._MYSQL_PREFIX."_user_payouts WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT userid, target_account, payout_total, payout_timestamp, password FROM "._MYSQL_PREFIX."_user_payouts WHERE id=%s LIMIT 1",
array($_GET['pid']), __FILE__, __LINE__);
list($uid, $tuid, $points, $tstamp, $tpass) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
if (empty($_GET['task']) && (!empty($uid)) && ($uid > 0))
{
// Get task ID from database
- $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE userid=%d AND task_type='PAYOUT_REQUEST' AND task_created='".$tstamp."' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_task_system WHERE userid=%s AND task_type='PAYOUT_REQUEST' AND task_created='".$tstamp."' LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
list($task) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
if ((!empty($task)) && (!empty($uid)) && ($uid > 0))
{
// Load user's data
- $result = SQL_QUERY_ESC("SELECT email, sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT email, sex, surname, family FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
list($email, $sex, $surname, $family) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
if (isset($_POST['ok']))
{
// Obtain payout type and other data
- $result = SQL_QUERY_ESC("SELECT payout_id FROM "._MYSQL_PREFIX."_user_payouts WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT payout_id FROM "._MYSQL_PREFIX."_user_payouts WHERE id=%s LIMIT 1",
array(bigintval($_GET['pid'])), __FILE__, __LINE__);
list($ptype) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
if (!empty($ptype))
{
// Obtain data from payout type
- $result = SQL_QUERY_ESC("SELECT from_account, from_pass, engine_url, engine_ret_ok, engine_ret_failed, pass_enc, allow_url FROM "._MYSQL_PREFIX."_payout_types WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT from_account, from_pass, engine_url, engine_ret_ok, engine_ret_failed, pass_enc, allow_url FROM "._MYSQL_PREFIX."_payout_types WHERE id=%s LIMIT 1",
array(bigintval($ptype)), __FILE__, __LINE__);
list($fuid, $fpass, $eurl, $eok, $failed, $eenc, $allow) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
// Clear task
if ($task > 0)
{
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%s LIMIT 1",
array(bigintval($task)),__FILE__, __LINE__);
}
// Clear payout request
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_payouts SET status='ACCEPTED' WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_payouts SET status='ACCEPTED' WHERE id=%s LIMIT 1",
array(bigintval($_GET['pid'])), __FILE__, __LINE__);
// Send out mail
if ($task > 0)
{
// Clear task
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET status='SOLVED' WHERE id=%s LIMIT 1",
array(bigintval($task)), __FILE__, __LINE__);
}
// Clear payout request
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_payouts SET status='REJECTED' WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_payouts SET status='REJECTED' WHERE id=%s LIMIT 1",
array(bigintval($_GET['pid'])), __FILE__, __LINE__);
// Send out mail