More SQL rewrites, TODO: Put all table and column names in backticks (`)

[mailer.git] / inc / modules / order.php

diff --git a/inc/modules/order.php b/inc/modules/order.php
index e64f2607c4b926e0475bed19b8a3569cfcc39469..3b98a3e872579adcd05985e703c7e5ed2571db08 100644 (file)
--- a/inc/modules/order.php
+++ b/inc/modules/order.php
@@ -69,7 +69,7 @@ if (empty($URL)) {
        // Finally is the entry valid?
        if (SQL_AFFECTEDROWS() == 1) {
                // Load personal data...
-               $result = SQL_QUERY_ESC("SELECT gender, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
+               $result = SQL_QUERY_ESC("SELECT gender, surname, family, email FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
                 array($GLOBALS['userid']), __FILE__, __LINE__);
                list($gender, $sname, $fname, $email) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);