summaryrefslogtreecommitdiff
path: root/includes/pages/user_messages.php
diff options
context:
space:
mode:
Diffstat (limited to 'includes/pages/user_messages.php')
-rw-r--r--includes/pages/user_messages.php14
1 files changed, 7 insertions, 7 deletions
diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php
index fe1b85ff..1785d5b6 100644
--- a/includes/pages/user_messages.php
+++ b/includes/pages/user_messages.php
@@ -7,7 +7,7 @@ function user_unread_messages() {
global $user;
if (isset($user)) {
- $new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`=" . sql_escape($user['UID']));
+ $new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`='" . sql_escape($user['UID']) . "'");
if ($new_messages > 0)
return ' <span class="badge danger">' . $new_messages . '</span>';
}
@@ -18,7 +18,7 @@ function user_messages() {
global $user;
if (! isset($_REQUEST['action'])) {
- $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`=" . sql_escape($user['UID']) . " ORDER BY `Nick`");
+ $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`='" . sql_escape($user['UID']) . "' ORDER BY `Nick`");
$to_select_data = array(
"" => _("Select recipient...")
@@ -29,7 +29,7 @@ function user_messages() {
$to_select = html_select_key('to', 'to', $to_select_data, '');
- $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" . sql_escape($user['UID']) . " OR `RUID`=" . sql_escape($user['UID']) . " ORDER BY `isRead`,`Datum` DESC");
+ $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`='" . sql_escape($user['UID']) . "' OR `RUID`='" . sql_escape($user['UID']) . "' ORDER BY `isRead`,`Datum` DESC");
foreach ($messages as $message) {
$sender_user_source = User($message['SUID']);
if ($sender_user_source === false)
@@ -84,9 +84,9 @@ function user_messages() {
else
return error(_("Incomplete call, missing Message ID."), true);
- $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+ $message = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1");
if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) {
- sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+ sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`='" . sql_escape($id) . "' LIMIT 1");
redirect(page_link_to("user_messages"));
} else
return error(_("No Message found."), true);
@@ -98,9 +98,9 @@ function user_messages() {
else
return error(_("Incomplete call, missing Message ID."), true);
- $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+ $message = sql_select("SELECT * FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1");
if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) {
- sql_query("DELETE FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+ sql_query("DELETE FROM `Messages` WHERE `id`='" . sql_escape($id) . "' LIMIT 1");
redirect(page_link_to("user_messages"));
} else
return error(_("No Message found."), true);