From 76f456f24a689971f2c6dcd87650e0d3d8f626f4 Mon Sep 17 00:00:00 2001
From: Darren <darrensapalo@users.noreply.github.com>
Date: Thu, 20 Dec 2018 01:21:39 +0800
Subject: [PATCH] Added ` quotation marks for non-value SQL words.

This fixes some problems when SQL queries don't run correctly.
---
 modules/voteforpoints/function.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/modules/voteforpoints/function.php b/modules/voteforpoints/function.php
index ac85769..842b4e5 100644
--- a/modules/voteforpoints/function.php
+++ b/modules/voteforpoints/function.php
@@ -8,7 +8,7 @@ function isChanged($id, $col, $row, $server)
 	{
 		$vfp_sites = Flux::config('FluxTables.vfp_sites');
 
-		$sql = "SELECT * FROM $server->loginDatabase.$vfp_sites WHERE $col = ? AND id = ?";
+		$sql = "SELECT * FROM `$server->loginDatabase.$vfp_sites` WHERE `$col` = ? AND `id` = ?";
 		$sth = $server->connection->getStatement($sql);
 		$bind = array($row, (int) $id);
 		$sth->execute($bind);
@@ -26,7 +26,7 @@ function updateValue($id, $col, $row, $server)
 	{
 		$vfp_sites = Flux::config('FluxTables.vfp_sites');
 
-		$sql = "UPDATE $server->loginDatabase.$vfp_sites SET $col = ? WHERE id = ?";
+		$sql = "UPDATE `$server->loginDatabase.$vfp_sites` SET `$col` = ? WHERE `id` = ?";
 		$sth = $server->connection->getStatement($sql);
 		$bind = array($row, (int) $id);
 		$sth->execute($bind);
@@ -49,7 +49,7 @@ function isVoted($id, $server)
 
 		if (Flux::config('EnableIPVoteCheck'))
 		{
-			$sql = "SELECT timestamp_expire FROM $server->loginDatabase.$vfp_logs WHERE ipaddress = ? AND sites_id = ? AND UNIX_TIMESTAMP(timestamp_expire) > ? LIMIT 1";
+			$sql = "SELECT `timestamp_expire` FROM `$server->loginDatabase.$vfp_logs` WHERE `ipaddress` = ? AND `sites_id` = ? AND UNIX_TIMESTAMP(timestamp_expire) > ? LIMIT 1";
 			$sth = $server->connection->getStatement($sql);
 			$bind = array($ipaddress, $vote_id, time());
 			$sth->execute($bind);
@@ -58,7 +58,7 @@ function isVoted($id, $server)
 				return $sth->fetch()->timestamp_expire;
 		}
 
-		$sql = "SELECT timestamp_expire FROM $server->loginDatabase.$vfp_logs WHERE account_id = ? AND sites_id = ? AND UNIX_TIMESTAMP(timestamp_expire) > ? LIMIT 1";
+		$sql = "SELECT `timestamp_expire` FROM `$server->loginDatabase.$vfp_logs` WHERE `account_id` = ? AND `sites_id` = ? AND UNIX_TIMESTAMP(timestamp_expire) > ? LIMIT 1";
 		$sth = $server->connection->getStatement($sql);
 		$bind = array($account_id, $vote_id, time());
 		$sth->execute($bind);
@@ -75,7 +75,7 @@ function isVoted($id, $server)
 	function getCashPoints($account_id, $server)
 	{
 		$cp_tbl = Flux::config('FluxTables.cashpoints');
-		$sql = "SELECT value FROM $cp_tbl WHERE account_id = ? AND key = '#CASHPOINTS'";
+		$sql = "SELECT `value` FROM `$cp_tbl` WHERE `account_id` = ? AND `key` = '#CASHPOINTS'";
 		$sth = $server->connection->getStatement($sql);
 		$sth->execute(array((int) $account_id));
 
@@ -122,4 +122,4 @@ function getTimeLeft($ts)
 	}
 }
 
-?>
\ No newline at end of file
+?>