More SQL rewrites, TODO: Put all table and column names in backticks (`)

[mailer.git] / inc / modules / member / what-wernis.php

diff --git a/inc/modules/member/what-wernis.php b/inc/modules/member/what-wernis.php
index b74c42a53b7beb99fe463d92f9beee34460f47c8..3c7a323c9a9343b716626cd57323459138cfeb84 100644 (file)
--- a/inc/modules/member/what-wernis.php
+++ b/inc/modules/member/what-wernis.php
@@ -63,7 +63,7 @@ if ((!isset($_GET['mode'])) || ($_GET['mode'] == "choose")) {
        $content['wds66_id'] = 0;
 
        // Get WDS66 id
-       $result = SQL_QUERY_ESC("SELECT wernis_userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT wernis_userid FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
                array($GLOBALS['userid']), __FILE__, __LINE__);
 
        // Are there some entries?
@@ -154,7 +154,7 @@ if ((!isset($_GET['mode'])) || ($_GET['mode'] == "choose")) {
 
        // Get WDS66 id
        $content['wds66_id'] = "";
-       $result = SQL_QUERY_ESC("SELECT wernis_userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT wernis_userid FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
                array($GLOBALS['userid']), __FILE__, __LINE__);
 
        // Are there some entries?
@@ -178,7 +178,7 @@ if ((!isset($_GET['mode'])) || ($_GET['mode'] == "choose")) {
        WERNIS_ADD_FEES_TO_ARRAY($content);
 
        // Get WDS66 id
-       $result = SQL_QUERY_ESC("SELECT wernis_userid FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
+       $result = SQL_QUERY_ESC("SELECT wernis_userid FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
                array($GLOBALS['userid']), __FILE__, __LINE__);
 
        // Are there some entries?
@@ -235,7 +235,7 @@ if ((isset($_POST['ok'])) && (isset($_GET['mode']))) {
                                                ADD_POINTS_REFSYSTEM("wernis_withdraw", $GLOBALS['userid'], bigintval($_POST['amount']), false, 0, false, "direct");
 
                                                // Update the user data as well..
-                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET `wernis_userid`=%s WHERE userid=%s LIMIT 1",
+                                               $result = SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET `wernis_userid`=%s WHERE userid=%s LIMIT 1",
                                                        array(bigintval($_POST['wds66_id']), $GLOBALS['userid']), __FILE__, __LINE__);
 
                                                // All done!
@@ -270,7 +270,7 @@ if ((isset($_POST['ok'])) && (isset($_GET['mode']))) {
                                                SUB_POINTS("wernis_payout", $GLOBALS['userid'], $_POST['amount']);
 
                                                // Update WDS66 id
-                                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_user_data SET `wernis_userid`=%s WHERE userid=%s LIMIT 1",
+                                               $result = SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET `wernis_userid`=%s WHERE userid=%s LIMIT 1",
                                                        array(bigintval($_POST['wds66_id']), $GLOBALS['userid']), __FILE__, __LINE__);
 
                                                // All done!