diff --git a/adminforce/content/werbesystem/paidmail.php b/adminforce/content/werbesystem/paidmail.php
index c3e23f480c0c9d9bdd5b75bd3c9de476bdcaa466..dda3c57e1daca9c586f41f5094ef96125f846f05 100644
--- a/adminforce/content/werbesystem/paidmail.php
+++ b/adminforce/content/werbesystem/paidmail.php
@@ -28,7 +28,9 @@ if ($_POST['versenden'] == 'Paidmail versenden!') {
     $senden = sql::$db->query("SELECT e.uid,e.emailadresse FROM
                                    " . _VMS_ . "_emaildaten e
                                    LEFT JOIN " . _VMS_ . "_kontodaten k ON k.uid=e.uid
-WHERE (e.freigabe_fuer = '3' or e.freigabe_fuer = '2') AND k.status=1 ORDER BY RAND() LIMIT " . $_POST['menge'] . "");
+WHERE (e.freigabe_fuer = '3' or e.freigabe_fuer = '2') AND k.status=1 ORDER BY RAND() LIMIT :menge");
+    $senden -> bindParam(':menge', $_POST['menge'], PDO::PARAM_INT);
+    $senden -> execute();
 
     while ($versendet = $senden->fetch() ) {
         $sql = sql::$db->prepare("INSERT INTO " . _VMS_ . "_paidmails_empfaenger (uid,gueltig,tan,status,aufendhalt) VALUES (?,?,?,?,?)");
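Review bot: The new `:menge` placeholder is never actually bound, because the statement is still created with `sql::$db->query(...)` on the first context line, which sends the SQL to the server immediately; the `bindParam`/`execute` calls added below it operate on an already-executed (or failed) statement, so the `LIMIT :menge` text reaches MySQL literally. The call needs to become `sql::$db->prepare(...)`, matching the `prepare` already used for the INSERT two lines further down. I would also bind a cast copy rather than the raw request value, `$senden->bindValue(':menge', (int) $_POST['menge'], PDO::PARAM_INT);`, since with emulated prepares a string-typed variable bound as PARAM_INT can still be quoted and break the LIMIT clause, and a non-numeric or negative input should not reach the query. The enclosing `if ($_POST['versenden'] ...)` block opens before this hunk and the `while` loop continues past it.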