More SQL rewrites, TODO: Put all table and column names in backticks (`)

[mailer.git] / inc / modules / guest / what-confirm.php

diff --git a/inc/modules/guest/what-confirm.php b/inc/modules/guest/what-confirm.php
index a4b0bedfcca00ea4996524995b580a112723037b..fa40e682f1625dd01ec614ff32f90beb799024b9 100644 (file)
--- a/inc/modules/guest/what-confirm.php
+++ b/inc/modules/guest/what-confirm.php
@@ -45,14 +45,14 @@ if (!empty($_GET['hash'])) {
        $uid = 0;
 
        // Search for an unconfirmed or confirmed account
-       $result = SQL_QUERY_ESC("SELECT userid, email, refid FROM "._MYSQL_PREFIX."_user_data WHERE user_hash='%s' AND (status='UNCONFIRMED' OR status='CONFIRMED') LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT userid, email, refid FROM `"._MYSQL_PREFIX."_user_data` WHERE user_hash='%s' AND (status='UNCONFIRMED' OR status='CONFIRMED') LIMIT 1",
                array($_GET['hash']), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1) {
                // Ok, he want's to confirm now so we load some data
                list ($uid, $email, $rid) = SQL_FETCHROW($result);
 
                // Unlock his account (but only when it is on UNCONFIRMED!)
-               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET status='CONFIRMED', ref_payout=%s, user_hash=NULL WHERE user_hash='%s' AND status='UNCONFIRMED' LIMIT 1",
+               $result = SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET status='CONFIRMED', ref_payout=%s, user_hash=NULL WHERE user_hash='%s' AND status='UNCONFIRMED' LIMIT 1",
                        array($_CONFIG['ref_payout'], $_GET['hash']), __FILE__, __LINE__);
                if (SQL_AFFECTEDROWS() == 1) {
                        $msg = LOAD_EMAIL_TEMPLATE("confirm-member", array('points' => $_CONFIG['points_register']), bigintval($uid));
@@ -63,7 +63,7 @@ if (!empty($_GET['hash'])) {
                        // Maybe he got "referaled"?
                        if (($rid > 0) && ($rid != $uid)) {
                                // Select the referal userid
-                               $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
+                               $result = SQL_QUERY_ESC("SELECT userid FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
                                 array(bigintval($rid)), __FILE__, __LINE__);
                                if (SQL_NUMROWS($result) == 1) {
                                        // Update ref counter...
@@ -84,7 +84,7 @@ if (!empty($_GET['hash'])) {
                                        // If version matches add ref bonus to refid's account
                                        if ((GET_EXT_VERSION("bonus") >= "0.4.4") && ($_CONFIG['bonus_active'] == "Y")) {
                                                // Add points (directly only!)
-                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET bonus_ref=bonus_ref+%s WHERE userid=%s LIMIT 1",
+                                               $result = SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET bonus_ref=bonus_ref+%s WHERE userid=%s LIMIT 1",
                                                 array($_CONFIG['bonus_ref'], bigintval($rid)), __FILE__, __LINE__);
 
                                                // Subtract points from system
@@ -136,7 +136,7 @@ if (!empty($_GET['hash'])) {
  elseif ((isset($_POST['ok'])) && (!empty($_POST['email'])))
 {
        // Confirmation link requested      0     1         2
-       $result = SQL_QUERY_ESC("SELECT userid, status, user_hash FROM "._MYSQL_PREFIX."_user_data WHERE email='%s' LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT userid, status, user_hash FROM `"._MYSQL_PREFIX."_user_data` WHERE email='%s' LIMIT 1",
         array($_POST['email']), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1)
        {