Unnessarry addslashes() and SQL_ESCAPE() removed, some added, some bigintval() added

[mailer.git] / inc / modules / guest / what-login.php

diff --git a/inc/modules/guest/what-login.php b/inc/modules/guest/what-login.php
index 76312e88df808e37719fa1447263e21c253b5084..efaf745c31b68e4e2eec7f094356e73609993f2e 100644 (file)
--- a/inc/modules/guest/what-login.php
+++ b/inc/modules/guest/what-login.php
@@ -239,11 +239,11 @@ if (IS_MEMBER()) {
        if ($probe_nickname) {
                // Nickname entered
                $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' OR email='%s' LIMIT 1",
-                array(addslashes($uid), $_POST['email']), __FILE__, __LINE__);
+                       array($uid, $_POST['email']), __FILE__, __LINE__);
        } else {
                // Direct userid entered
                $result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s OR email='%s' LIMIT 1",
-                array($uid, $_POST['email']), __FILE__, __LINE__);
+                       array(bigintval($uid), $_POST['email']), __FILE__, __LINE__);
        }
 
        // Any entry found?