@ -14,13 +14,13 @@ if (!preg_match('/^(mem|org)-[0-9]+$/', @$_POST['usernym']))
if (preg_match('/^mem-[0-9]+$/', @$_POST['usernym']))
if (preg_match('/^mem-[0-9]+$/', @$_POST['usernym']))
{
{
mysql_query("update emailcerts set coll_found=1 where memid='".substr(@$_POST['usernym'],4)."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
mysql_query("update emailcerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
mysql_query("update domaincerts set coll_found=1 where memid='".substr(@$_POST['usernym'],4)."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
mysql_query("update domaincerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
}
}
else
else
{
{
mysql_query("update orgemailcerts set coll_found=1 where memid='".substr(@$_POST['usernym'],4)."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
mysql_query("update orgemailcerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
mysql_query("update orgdomaincerts set coll_found=1 where memid='".substr(@$_POST['usernym'],4)."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");
mysql_query("update orgdomaincerts set coll_found=1 where memid='".mysql_escape_string(substr(@$_POST['usernym'],4))."' and pkhash!='' and pkhash='".$_POST['pkhash']."';");