// Order number placed, is he also logged in?
if (isMember()) {
// Ok, test passed... :)
- $result = SQL_QUERY_ESC("SELECT `subject`, `url` FROM `{?_MYSQL_PREFIX?}_pool` WHERE `id`=%s AND `sender`=%s AND `data_type`='TEMP' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT `subject`,`url` FROM `{?_MYSQL_PREFIX?}_pool` WHERE `id`=%s AND `sender`=%s AND `data_type`='TEMP' LIMIT 1",
array(bigintval(getRequestParameter('order')), getMemberId()), __FILE__, __LINE__);
// Finally is the entry valid?