if ($probe_nickname) {
// Nickname entered
$result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE nickname='%s' OR email='%s' LIMIT 1",
- array(addslashes($uid), $_POST['email']), __FILE__, __LINE__);
+ array($uid, $_POST['email']), __FILE__, __LINE__);
} else {
// Direct userid entered
$result = SQL_QUERY_ESC("SELECT userid, status FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s OR email='%s' LIMIT 1",
- array($uid, $_POST['email']), __FILE__, __LINE__);
+ array(bigintval($uid), $_POST['email']), __FILE__, __LINE__);
}
// Any entry found?
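Review bot: In the userid branch the `%s` in `userid=%s` is unquoted, so `bigintval($uid)` is the only thing keeping that value numeric; string escaping inside SQL_QUERY_ESC would not constrain it. A comment above that call would keep the cast from being dropped in a later cleanup, e.g. `// userid=%s is unquoted: bigintval() is required here, escaping alone is not enough`. Dropping `addslashes()` in the nickname branch is correct only if SQL_QUERY_ESC escapes every array element itself, which is not visible in this hunk and is worth confirming. Both branches also read `$_POST['email']` without a presence check, and an absent field would presumably turn the second condition into `email=''`; the enclosing code starts and ends outside the hunk, so this may already be handled there.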