Index: helpers/frontend_helper.php =================================================================== --- helpers/frontend_helper.php (revision 12258) +++ helpers/frontend_helper.php (working copy) @@ -1029,7 +1029,7 @@ $today = dateShift(date("Y-m-d H:i:s"), "Y-m-d H:i", $timeadjust); // check how many uses the token has left - $usesquery = "SELECT usesleft FROM {{tokens_$surveyid}} WHERE token=".$clienttoken; + $usesquery = "SELECT usesleft FROM {{tokens_$surveyid}} WHERE token='".$clienttoken."'"; $usesresult = dbExecuteAssoc($usesquery); $usesrow = $usesresult->read(); if (isset($usesrow)) { $usesleft = $usesrow['usesleft']; } @@ -1061,14 +1061,14 @@ $utquery .= "SET usesleft=usesleft-1\n"; } } - $utquery .= "WHERE token=".$clienttoken.""; + $utquery .= "WHERE token='".$clienttoken."'"; $utresult = dbExecuteAssoc($utquery) or safeDie ("Couldn't update tokens table!
\n$utquery
\n"); //Checked if ($quotaexit==false) { // TLR change to put date into sent and completed - $cnfquery = "SELECT * FROM {{tokens_$surveyid}} WHERE token=".$clienttoken." AND completed!='N' AND completed!=''"; + $cnfquery = "SELECT * FROM {{tokens_$surveyid}} WHERE token='".$clienttoken."' AND completed!='N' AND completed!=''"; $cnfresult = dbExecuteAssoc($cnfquery); //Checked $cnfrow = $cnfresult->read(); @@ -1529,9 +1529,9 @@ //check if token actually does exist // check also if it is allowed to change survey after completion if ($thissurvey['alloweditaftercompletion'] == 'Y' ) { - $tkquery = "SELECT COUNT(*) FROM {{tokens_".$surveyid."}} WHERE token=".trim(strip_tags($clienttoken))." "; + $tkquery = "SELECT COUNT(*) FROM {{tokens_".$surveyid."}} WHERE token='".trim(strip_tags($clienttoken))."'"; } else { - $tkquery = "SELECT COUNT(*) FROM {{tokens_".$surveyid."}} WHERE token=".trim(strip_tags($clienttoken))." AND (completed = 'N' or completed='')"; + $tkquery = "SELECT COUNT(*) FROM {{tokens_".$surveyid."}} WHERE token='".trim(strip_tags($clienttoken))."' AND (completed = 'N' or completed='')"; } $tkresult = dbExecuteAssoc($tkquery); //Checked @@ -1706,7 +1706,7 @@ { //get language from token (if one exists) - $tkquery2 = "SELECT * FROM {{tokens_".$surveyid."}} WHERE token='".db_quote($clienttoken)."' AND (completed = 'N' or completed='')"; + $tkquery2 = "SELECT * FROM {{tokens_".$surveyid."}} WHERE token='".$clienttoken."' AND (completed = 'N' or completed='')"; //echo $tkquery2; $result = dbExecuteAssoc($tkquery2) or safeDie ("Couldn't get tokens
$tkquery
"); //Checked foreach ($result->readAll() as $rw)
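Review bot: The last hunk (`@@ -1706`, `$tkquery2`) drops the `db_quote()` call that the old line applied to `$clienttoken`, so the token is now concatenated into the SQL string unescaped and a value containing a single quote would end the literal early. The other hunks (`$usesquery`, `$utquery`, `$cnfquery`, `$tkquery`) have the same gap: they add the surrounding quotes but no escaping, and the `trim(strip_tags(...))` around the token in `$tkquery` does nothing about quote characters. Whether `$clienttoken` is sanitised earlier is not visible in these hunks, so each site should escape it itself, e.g. `WHERE token='".db_quote($clienttoken)."'` as the removed line did, or pass the token as a bound parameter if `dbExecuteAssoc()` supports that. Separately, the `safeDie()` calls in the second and fourth hunks appear to print the full query text in the error message, which is better kept in a server-side log; the fourth also interpolates `$tkquery` rather than `$tkquery2`.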