More SQL rewrites, TODO: Put all table and column names in backticks (`)

[mailer.git] / inc / modules / member / what-transfer.php

diff --git a/inc/modules/member/what-transfer.php b/inc/modules/member/what-transfer.php
index aa9062a243280d119a3c92d826d3d79f12d963ba..5b7288dfc426e714b769e2287a0e7062e3dd0a85 100644 (file)
--- a/inc/modules/member/what-transfer.php
+++ b/inc/modules/member/what-transfer.php
@@ -46,7 +46,7 @@ if (!defined('__SECURITY')) {
 ADD_DESCR("member", __FILE__);
 
 // Load data
-$result = SQL_QUERY_ESC("SELECT opt_in FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
+$result = SQL_QUERY_ESC("SELECT opt_in FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
  array($GLOBALS['userid']), __FILE__, __LINE__);
 list($opt_in) = SQL_FETCHROW($result);
 
@@ -103,7 +103,7 @@ case "new": // Start new transfer
                        $nick = true;
                }
                // Re-check receivers and own personal data
-               $result = SQL_QUERY_ESC("SELECT userid, gender, surname, family, email".$ADD." FROM "._MYSQL_PREFIX."_user_data WHERE userid IN ('%s','%s') AND status='CONFIRMED' ORDER BY userid LIMIT 2",
+               $result = SQL_QUERY_ESC("SELECT userid, gender, surname, family, email".$ADD." FROM `"._MYSQL_PREFIX."_user_data` WHERE userid IN ('%s','%s') AND status='CONFIRMED' ORDER BY userid LIMIT 2",
                 array($GLOBALS['userid'], bigintval($_POST['to_uid'])), __FILE__, __LINE__);
                $valid_data = (SQL_NUMROWS($result) == 2);
 
@@ -255,13 +255,13 @@ case "new": // Start new transfer
                if (EXT_IS_ACTIVE("nickname"))
                {
                        // Load userid and nickname
-                       $result = SQL_QUERY_ESC("SELECT userid, nickname FROM "._MYSQL_PREFIX."_user_data WHERE status='CONFIRMED' AND opt_in='Y' AND userid != '%s' ORDER BY userid",
+                       $result = SQL_QUERY_ESC("SELECT userid, nickname FROM `"._MYSQL_PREFIX."_user_data` WHERE status='CONFIRMED' AND opt_in='Y' AND userid != '%s' ORDER BY userid",
                         array($GLOBALS['userid']), __FILE__, __LINE__);
                }
                 else
                {
                        // Load only userid
-                       $result = SQL_QUERY_ESC("SELECT userid, userid FROM "._MYSQL_PREFIX."_user_data WHERE status='CONFIRMED' AND opt_in='Y' AND userid != '%s' ORDER BY userid",
+                       $result = SQL_QUERY_ESC("SELECT userid, userid FROM `"._MYSQL_PREFIX."_user_data` WHERE status='CONFIRMED' AND opt_in='Y' AND userid != '%s' ORDER BY userid",
                         array($GLOBALS['userid']), __FILE__, __LINE__);
                }
                if (SQL_NUMROWS($result) > 0)
@@ -554,7 +554,7 @@ case "": // Overview page
 
        if (isset($_POST['ok'])) {
                // Save settings
-               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET opt_in='%s' WHERE userid=%s LIMIT 1",
+               $result = SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET opt_in='%s' WHERE userid=%s LIMIT 1",
                 array($_POST['opt_in'], $GLOBALS['userid']), __FILE__, __LINE__);
 
                // Rember for next switch() command