$myname = DB_get_name('hash',$me);
/* check if game really is old enough to be canceled */
-$r = DB_query_array("SELECT mod_date from Game WHERE id='$gameid' " );
+$r = DB_query_array("SELECT mod_date from Game WHERE id=".DB_quote_smart($gameid) );
if(time()-strtotime($r[0]) > 60*60*24*30) /* = 1 month */
{
/* email to all players */
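Review bot: The `strtotime($r[0])` test uses the query result without checking that a row came back: if no Game row matches `$gameid`, `$r[0]` is presumably empty, `strtotime()` returns false, and `time()-false` exceeds the 30-day limit, so the cancel branch and its e-mails would run for a game that does not exist. Unless an earlier check outside the hunk already rejects unknown ids, guard it first, e.g. `if(!$r || ($mod = strtotime($r[0])) === false) { /* unknown game: abort */ }`. `$gameid` looks request-derived, so casting or validating it as an integer before the query would avoid depending on DB_quote_smart's quoting rules, which are not visible here. The `if` body continues outside the hunk.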