case 'edit':
foreach (postRequestParameter('time') as $id => $value) {
- addSql("UPDATE `{?_MYSQL_PREFIX?}_payments` SET time='".$value."', payment='".postRequestParameter('pay', $id)."', price='".postRequestParameter('price', $id)."', mail_title='".postRequestParameter('title', $id)."' WHERE `id`='".$id."' LIMIT 1");
+ addSql("UPDATE `{?_MYSQL_PREFIX?}_payments` SET `time`='" . $value . "', `payment`='".postRequestParameter('pay', $id)."', price='".postRequestParameter('price', $id)."', mail_title='".postRequestParameter('title', $id)."' WHERE `id`='".$id."' LIMIT 1");
}
break;
case 'del':
foreach (postRequestParameter('id') as $id => $value) {
- addSql("DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_payments` WHERE `id`='".$id."' LIMIT 1");
+ addSql("DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_payments` WHERE `id`=" . bigintval($id) . " LIMIT 1");
}
break;
} // END - switch
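Review bot: The added UPDATE line in the `edit` branch still concatenates request data straight into the statement: `$value`, the `pay`, `price` and `title` values from `postRequestParameter()`, and the array key `$id` in the WHERE clause. The DELETE line in the `del` branch now converts its key with `bigintval($id)`, so the two branches treat the same kind of input differently. Unless `postRequestParameter()` escapes its return value (not visible here), this leaves an SQL injection path in a payment-table update. I would use `bigintval($id)` in the UPDATE's WHERE clause as well, convert the numeric columns the same way, and pass `mail_title` through the project's SQL escaping helper or a parameterised query. The enclosing `switch` starts outside the visible lines, so any validation done before it cannot be confirmed from this hunk.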