if (!empty($_POST['member_theme']))
{
// Save theme to member's profile
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET curr_theme='%s' WHERE userid=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET curr_theme='%s' WHERE userid=%s LIMIT 1",
array($_POST['member_theme'], $GLOBALS['userid']), __FILE__, __LINE__);
// Set new theme for guests
while ($dir = readdir($handle))
{
// Construct absolute theme.php file name
- $theme = PATH."theme/".$dir."/"."theme.php";
+ $theme = sprintf("%stheme/%s/theme.php", PATH, $dir);
// Test it...
$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_themes WHERE theme_path='%s' AND theme_active='Y' LIMIT 1",
array($dir), __FILE__, __LINE__);
- if (($dir != ".") && ($dir != "..") && (file_exists($theme)) && (is_readable($theme)) && (SQL_NUMROWS($result) == 1))
- {
+ if (($dir != ".") && ($dir != "..") && (file_exists($theme)) && (is_readable($theme)) && (SQL_NUMROWS($result) == 1)) {
// Free memory
SQL_FREERESULT($result);