#20 Missing quotes around SELECT parameter

[Anthon Pang]

v2.1 beta

An error occurred when I tried to Delete the same
schedule twice.

Line 534 of es_functions.php: $exptime needs to be quoted

i.e.,

$sql = "SELECT * FROM es_schedule WHERE
s_u_id=".$user["u_id"]." AND
s_group='".addslashes($group)."' AND
s_exptime='".$exptime."' ORDER BY s_starttime, s_id";