From 876e5e5fbbf3049da2b96eacc7b13b29dd484642 Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Sat, 18 Jan 2014 12:40:12 +0100
Subject: [ticket/11201] Cast some variables to integer

PHPBB3-11201
---
 phpBB/phpbb/profilefields/lang_helper.php | 6 +++---
 phpBB/phpbb/profilefields/profilefields.php | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)
(limited to 'phpBB/phpbb/profilefields')

diff --git a/phpBB/phpbb/profilefields/lang_helper.php b/phpBB/phpbb/profilefields/lang_helper.php
index cf4a248d1b..7bae1bdc18 100644
--- a/phpBB/phpbb/profilefields/lang_helper.php
+++ b/phpBB/phpbb/profilefields/lang_helper.php
@@ -70,9 +70,9 @@ class lang_helper
 else
 {
 $sql = 'SELECT option_id, lang_value
- FROM ' . $this->language_table . "
- WHERE field_id = $field_id
- AND lang_id = $lang_id
+ FROM ' . $this->language_table . '
+ WHERE field_id = ' . (int) $field_id . '
+ AND lang_id = ' . (int) $lang_id . "
 AND field_type = '" . $this->db->sql_escape($field_type) . "'
 ORDER BY option_id";
 $result = $this->db->sql_query($sql);
diff --git a/phpBB/phpbb/profilefields/profilefields.php b/phpBB/phpbb/profilefields/profilefields.php
index af0b733f32..acb1e6afcb 100644
--- a/phpBB/phpbb/profilefields/profilefields.php
+++ b/phpBB/phpbb/profilefields/profilefields.php
@@ -79,9 +79,9 @@ class profilefields
 FROM ' . $this->fields_language_table . ' l, ' . $this->fields_table . " f
 WHERE f.field_active = 1
 $sql_where
- AND l.lang_id = $lang_id
+ AND l.lang_id = " . (int) $lang_id . '
 AND l.field_id = f.field_id
- ORDER BY f.field_order";
+ ORDER BY f.field_order';
 $result = $this->db->sql_query($sql);
 
 while ($row = $this->db->sql_fetchrow($result))
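Review bot: `$sql_where` on the context line just above the new `l.lang_id` comparison is still interpolated into the query as-is, and it is assembled outside this hunk (the enclosing method starts before it), so the integer cast added here covers `$lang_id` only; the @@ -153 hunk below has the same shape. If `$sql_where` is built from anything other than `(int)`-cast values or `sql_escape()`d strings, the statement stays injectable despite this commit — that cannot be confirmed from the visible lines. A comment at the point where it is built would make the contract explicit, e.g. `// $sql_where is interpolated unescaped into the SELECT below; every fragment must be cast or sql_escape()d`.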
@@ -153,8 +153,8 @@ class profilefields
 }
 
 $sql = 'SELECT l.*, f.*
- FROM ' . $this->fields_language_table . ' l, ' . $this->fields_table . " f
- WHERE l.lang_id = $lang_id
+ FROM ' . $this->fields_language_table . ' l, ' . $this->fields_table . ' f
+ WHERE l.lang_id = ' . (int) $lang_id . "
 AND f.field_active = 1
 $sql_where
 AND l.field_id = f.field_id
@@ -218,8 +218,8 @@ class profilefields
 }
 
 $sql = 'UPDATE ' . $this->fields_data_table . '
- SET ' . $this->db->sql_build_array('UPDATE', $cp_data_sql) . "
- WHERE user_id = $user_id";
+ SET ' . $this->db->sql_build_array('UPDATE', $cp_data_sql) . '
+ WHERE user_id = ' . (int) $user_id;
 $this->db->sql_query($sql);
 
 if (!$this->db->sql_affectedrows())
-- 
cgit v1.2.1
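Review bot: `(int) $user_id` in the new `WHERE user_id = ` line maps a missing or non-numeric id to `0`, so the UPDATE matches no row and control drops into the `sql_affectedrows()` branch that begins on the hunk's last line and continues outside it; if that branch performs an insert, a row is silently written for user 0 instead of the call failing loudly. A guard before the statement is built, `if ((int) $user_id <= 0) { return; }` or a thrown exception depending on the method's contract, makes the bad input explicit. Separately, on MySQL `sql_affectedrows()` after an UPDATE reports changed rows rather than matched rows unless the connection requests otherwise, so rewriting identical values can yield 0 and enter the same branch — presumably handled by the driver, but worth confirming since the cast makes the zero-row case easier to hit.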