All database names are now 'back-ticked' and constant _MYSQL_PREFIX is wrapped. Partl...

[mailer.git] / view.php

diff --git a/view.php b/view.php
index 57eb0a77f118ffecec952885687061f8514b774e..e6ed28fa25b27879b664e538b66c0fc46f0f6a80 100644 (file)
--- a/view.php
+++ b/view.php
@@ -49,11 +49,13 @@ if (((!empty($_GET['user'])) || (!empty($_GET['reseller']))) && (!empty($_GET['b
        $VIEW = 1;
 
        // for later things... ;-)
-       $result = SQL_QUERY_ESC("SELECT url FROM "._MYSQL_PREFIX."_refbanner WHERE id=%s LIMIT 1", array(bigintval($_GET['banner'])), __FILE__, __LINE__);
+       $result = SQL_QUERY_ESC("SELECT url FROM `{!MYSQL_PREFIX!}_refbanner` WHERE id=%s LIMIT 1",
+               array(bigintval($_GET['banner'])), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 1)  {
                list($url) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
-               SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refbanner SET counter=counter+1 WHERE id=%s LIMIT 1", array(bigintval($_GET['banner'])), __FILE__, __LINE__);
+               SQL_QUERY_ESC("UPDATE `{!MYSQL_PREFIX!}_refbanner` SET counter=counter+1 WHERE id=%s LIMIT 1",
+                       array(bigintval($_GET['banner'])), __FILE__, __LINE__);
 
                $type = substr($url, -3);
                @header ("Content-Type: image/".$type);