'skintype' => $skintype\r
);\r
$manager->notify('PreDeleteSkinPart', $data);\r
- \r
// delete part\r
- $query = "DELETE FROM %s WHERE sdesc=%d AND stype='%s';";\r
- $query = sprintf($query, sql_table('skin'), (integer) $skinid, (integer) $skintype);\r
+ $query = "DELETE FROM %s WHERE sdesc=%d AND stype=%s;";\r
+ $query = sprintf($query, sql_table('skin'), (integer) $skinid, DB::quoteValue($skintype) );\r
DB::execute($query);\r
\r
$data = array(\r
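Review bot: The `%s` placeholder for `stype` is now left unquoted in both DELETE statements (this one and the one after `PreDeleteAdminSkinPart`), so the query is only well-formed and injection-safe if `DB::quoteValue()` returns the value both escaped and wrapped in quotes, which the removed quotes suggest but nothing in the code states. I would add a comment above each query, for example `// DB::quoteValue() escapes and quotes $skintype; keep %s bare in the format string`, so a later edit does not re-add quotes or swap the helper without noticing. The two statements also differ only in spacing (`stype=%s;` versus `stype = %s ;`); using one identical format string for both would make them easier to audit together. Both enclosing functions start and end outside the visible lines, so whether `$skintype` is validated against the known skin types before reaching the query cannot be checked from here.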
'skintype' => $skintype\r
);\r
$manager->notify('PreDeleteAdminSkinPart', $data);\r
- \r
+\r
// delete part\r
- $query = 'DELETE FROM %s WHERE sdesc = %d AND stype ="%s"';\r
- $query = sprintf($query, sql_table('skin'), (integer) $skinid, $skintype);\r
+ $query = 'DELETE FROM %s WHERE sdesc = %d AND stype = %s ;';\r
+ $query = sprintf($query, sql_table('skin'), (integer) $skinid, DB::quoteValue($skintype) );\r
DB::execute($query);\r
\r
$data = array(\r