$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
} elseif ((!EXT_IS_ACTIVE("order")) && (!IS_ADMIN())) {
- ADD_FATAL(EXTENSION_PROBLEM_EXT_INACTIVE, "order");
+ addFatalMessage(EXTENSION_PROBLEM_EXT_INACTIVE, "order");
return;
} elseif (!IS_MEMBER()) {
// Sorry, no guest access!
}
// Update sending pool
- SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET data_type='%s' WHERE id=%s AND sender=%s AND data_type='TEMP' LIMIT 1",
+ SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_pool` SET data_type='%s' WHERE id=%s AND sender=%s AND data_type='TEMP' LIMIT 1",
array($type, bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
// Finally is the entry valid?
if (SQL_AFFECTEDROWS() == 1) {
// Load personal data...
- $result = SQL_QUERY_ESC("SELECT gender, surname, family, email FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT gender, surname, family, email FROM `{!_MYSQL_PREFIX!}_user_data` WHERE userid=%s LIMIT 1",
array($GLOBALS['userid']), __FILE__, __LINE__);
list($gender, $sname, $fname, $email) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
// Load mail again... 0 1 2 3 4 5 6 7
- $result = SQL_QUERY_ESC("SELECT subject, text, receivers, payment_id, timestamp, url, cat_id, target_send FROM "._MYSQL_PREFIX."_pool WHERE id=%s AND sender=%s LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT subject, text, receivers, payment_id, timestamp, url, cat_id, target_send FROM `{!_MYSQL_PREFIX!}_pool` WHERE id=%s AND sender=%s LIMIT 1",
array(bigintval($_GET['order']), $GLOBALS['userid']), __FILE__, __LINE__);
$DATA = SQL_FETCHROW($result);
SQL_FREERESULT($result);