} ?>
diff --git a/pages/wot/10.php b/pages/wot/10.php
index 92248eb..2347b69 100644
--- a/pages/wot/10.php
+++ b/pages/wot/10.php
@@ -25,10 +25,10 @@
$query = "SELECT `users`. *, count(*) AS `list` FROM `users`, `notary`
WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to`
- AND `from`='".$_SESSION['profile']['id']."' GROUP BY `notary`.`from`";
+ AND `from`='".intval($_SESSION['profile']['id'])."' GROUP BY `notary`.`from`";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
- $rc = $row['list'];
+ $rc = intval($row['list']);
$query = "SELECT `users`. *, count(*) AS `list` FROM `users`, `notary`
WHERE `users`.`id` = `notary`.`from` AND `notary`.`from` != `notary`.`to`
GROUP BY `notary`.`from` HAVING count(*) > '$rc' ORDER BY `notary`.`when` DESC";
@@ -51,16 +51,16 @@
=_("Method")?>
- $query = "select * from `notary` where `to`='".$_SESSION['profile']['id']."'";
+ $query = "select * from `notary` where `to`='".intval($_SESSION['profile']['id'])."'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
- $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$row['from']."'"));
+ $fromuser = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($row['from'])."'"));
?>