define('__POINTS_VALUE', $_POST['points']);
if ((isset($_POST['ok'])) && ($_POST['points'] > 0))
{
- $result_main = SQL_QUERY("SELECT userid FROM `"._MYSQL_PREFIX."_user_data` WHERE status='CONFIRMED' ORDER BY userid", __FILE__, __LINE__);
+ $result_main = SQL_QUERY("SELECT userid FROM `{!MYSQL_PREFIX!}_user_data` WHERE status='CONFIRMED' ORDER BY userid", __FILE__, __LINE__);
while (list($uid) = SQL_FETCHROW($result_main))
{
// User ID found in URL so we use this give him some credits
- $result = SQL_QUERY_ESC("SELECT surname, family, email FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT surname, family, email FROM `{!MYSQL_PREFIX!}_user_data` WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
array(bigintval($uid)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
elseif (!empty($_GET['u_id']))
{
// User ID found in URL so we use this give him some credits
- $result = SQL_QUERY_ESC("SELECT surname, family, email FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT surname, family, email FROM `{!MYSQL_PREFIX!}_user_data` WHERE userid=%s AND status='CONFIRMED' LIMIT 1",
array(bigintval($_GET['u_id'])),__FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
// Selected user does exist