All database names are now 'back-ticked' and constant _MYSQL_PREFIX is wrapped. Partl...

[mailer.git] / inc / modules / admin / what-sub_points.php

diff --git a/inc/modules/admin/what-sub_points.php b/inc/modules/admin/what-sub_points.php
index a09a2a31c1d3057aa26df74b70ec38ce76f1bae0..04f1fd51de30a7b657eea6edb2344fd74d5734cf 100644 (file)
--- a/inc/modules/admin/what-sub_points.php
+++ b/inc/modules/admin/what-sub_points.php
@@ -49,11 +49,11 @@ if ($_GET['u_id'] == "all")
        define('__POINTS_VALUE', $_POST['points']);
        if ((isset($_POST['ok'])) && ($_POST['points'] > 0))
        {
-               $result_main = SQL_QUERY("SELECT userid FROM `"._MYSQL_PREFIX."_user_data` WHERE status='CONFIRMED' ORDER BY userid", __FILE__, __LINE__);
+               $result_main = SQL_QUERY("SELECT userid FROM `{!MYSQL_PREFIX!}_user_data` WHERE status='CONFIRMED' ORDER BY userid", __FILE__, __LINE__);
                while (list($uid) = SQL_FETCHROW($result_main))
                {
                        // User ID found in URL so we use this give him some credits
-                       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM `{!MYSQL_PREFIX!}_user_data` WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
                         array(bigintval($uid)), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1)
                        {
@@ -93,7 +93,7 @@ if ($_GET['u_id'] == "all")
  elseif (!empty($_GET['u_id']))
 {
        // User ID found in URL so we use this give him some credits
-       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT surname, family, email FROM `{!MYSQL_PREFIX!}_user_data` WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
         array(bigintval($_GET['u_id'])),__FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1) {
                // Selected user does exist