@ -13,7 +13,7 @@
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
$query = "select * from `orginfo` where `id`='".$_REQUEST[orgid]."'";
$query = "select * from `orginfo` where `id`='".intval($_REQUEST[orgid])."'";
$row = mysql_fetch_assoc(mysql_query($query));
?>
<form method="post" action="account.php">
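Review bot: The added intval() line closes the injection in this query, but a missing or non-numeric `orgid` now silently becomes 0, and the result of mysql_query() is still passed unchecked into mysql_fetch_assoc() on the following line. I would read the id once with a quoted key and reject bad input before querying, e.g. `$orgid = isset($_REQUEST['orgid']) ? intval($_REQUEST['orgid']) : 0;` followed by `if ($orgid <= 0) { exit; }`, and also stop if mysql_query() returns false. The bare key in `$_REQUEST[orgid]` relies on PHP's undefined-constant fallback and should be `'orgid'`. Nothing visible in the hunk ties the requested organisation to the current session, so if no ownership check exists elsewhere in the file (outside this hunk), the row for any id would be loaded into the form; a comment such as `// orgid is caller-supplied: verify it belongs to the logged-in account before use` would make that requirement explicit.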