From ceab605169c473055941f4c62cfcb75e0b3671d6 Mon Sep 17 00:00:00 2001
From: Ryan Boren
Date: Sun, 27 Jun 2010 19:55:55 +0000
Subject: [PATCH] Use prepare(). Props Ben Ward.

git-svn-id: https://develop.svn.wordpress.org/trunk@15340 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/ms-edit.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/wp-admin/ms-edit.php b/wp-admin/ms-edit.php
index a4c131ed80..832ce7ab4b 100644
--- a/wp-admin/ms-edit.php
+++ b/wp-admin/ms-edit.php
@@ -286,14 +286,14 @@ switch ( $_GET['action'] ) {
 unset( $_POST['role'] );
 $_POST['role'] = $newroles[ $userid ];
 if ( $pass != '' ) {
- $cap = $wpdb->get_var( "SELECT meta_value FROM {$wpdb->usermeta} WHERE user_id = '{$userid}' AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'" );
+ $cap = $wpdb->get_var( $wpdb->prepare( "SELECT meta_value FROM {$wpdb->usermeta} WHERE user_id = %d AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'", $userid ) );
 $userdata = get_userdata($userid);
 $_POST['pass1'] = $_POST['pass2'] = $pass;
 $_POST['email'] = $userdata->user_email;
 $_POST['rich_editing'] = $userdata->rich_editing;
 edit_user( $userid );
 if ( $cap == null )
- $wpdb->query( "DELETE FROM {$wpdb->usermeta} WHERE user_id = '{$userid}' AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'" );
+ $wpdb->query( $wpdb->prepare( "DELETE FROM {$wpdb->usermeta} WHERE user_id = %d AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'", $userid ) );
 }
 }
 unset( $_POST['role'] );
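Review bot: The `meta_key = '{$blog_prefix}capabilities'` comparison is still interpolated into the format string of both new `prepare()` calls, so only `$userid` is actually bound. `$blog_prefix` is assigned outside this hunk, so its source cannot be confirmed here; if it could ever carry a quote it would reach the query unescaped, and a literal `%` would be read by `prepare()` as a placeholder. Binding it as well keeps the whole WHERE clause parameterized: `"... WHERE user_id = %d AND meta_key = %s AND meta_value = 'a:0:{}'", $userid, $blog_prefix . 'capabilities'`. The same applies to the DELETE a few lines further down, and the enclosing `switch` case starts and ends outside the hunk.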