diff --git a/topframe_paidmail.php b/topframe_paidmail.php
index 3874b10260b8086ec51ae335347e9e842238654f..da14e7dd6449799026b87c4ab457662f8382d0ba 100644
--- a/topframe_paidmail.php
+++ b/topframe_paidmail.php
@@ -6,10 +6,8 @@ if (!isset($headmsg))		       $headmsg			= "";
 if (!isset($wait))		       $wait			= "";
 if (!isset($_GET['auszahlen']))	       $_GET['auszahlen']	= "false";
 
-//Tan / UID Sichern
+//UID Sichern
 $_GET['uid'] = (int)$_GET['uid'];
-$_GET['tan'] = addslashes ($_GET['tan']);
-
 
 $sql = sql::$db->prepare ("SELECT `e`.`start`,`e`.`aufendhalt`,`e`.`status`,`e`.`uid`,`v`.`verdienst` FROM `"._VMS_."_paidmails_empfaenger` AS `e`
                             LEFT JOIN `"._VMS_."_paidmails_versendet` AS `v` ON `v`.`tan` = `e`.`tan`
@@ -21,7 +19,7 @@ $mail =  $sql-> fetch();
 if (!isset($_GET['auszahlen']) OR $_GET['auszahlen'] != 'true' ) {
 	if ($sql -> rowCount()) {
 		if ($mail['status'] != 0) {
-    		if ($mail['status'] == 1) $headmsg = 'Mail schon bestÃ¤digt!';
+    		if ($mail['status'] == 1) $headmsg = 'Mail schon bestÃ¤tigt!';
     		if ($mail['status'] == 2) $headmsg = 'Fakeversuch!';
 		} else {
     		$headmsg = 'Bitte warte '.$mail['aufendhalt'].' Sek.!';
@@ -36,15 +34,15 @@ if (!isset($_GET['auszahlen']) OR $_GET['auszahlen'] != 'true' ) {
     	buchungsliste (create_code(14),$mail['verdienst'],'Paidmailverdienst',$mail['uid']);
     	refumsatz ($mail['verdienst'],$mail['uid']);
     	rallysystem ($mail['uid'],'2',$mail['verdienst']);
-        bilanz(0,$mail['verdienst']);
-    	$sql = sql::$db->query ("UPDATE `"._VMS_."_paidmails_empfaenger` SET `status` = 1 WHERE `tan` = ? and `uid` = ? LIMIT 1");
+      bilanz(0,$mail['verdienst']);
+    	$sql = sql::$db->prepare ("UPDATE `"._VMS_."_paidmails_empfaenger` SET `status` = 1 WHERE `tan` = ? and `uid` = ? LIMIT 1");
     	$sql -> execute(array($_GET['tan'], $_GET['uid']));
-    	$sql = sql::$db->query ("UPDATE `"._VMS_."_paidmails_versendet` SET `bestaedigt` = `bestaedigt` + 1 WHERE `tan` = ?  LIMIT 1");
+    	$sql = sql::$db->prepare ("UPDATE `"._VMS_."_paidmails_versendet` SET `bestaedigt` = `bestaedigt` + 1 WHERE `tan` = ?  LIMIT 1");
         $sql -> execute(array($_GET['tan']));
     	$headmsg = $mail['verdienst'].' '.$system['waehrung'].' gutgeschrieben!';
 	} else {
         $headmsg = 'Wartezeit umgangen! Paidmail ungÃ¼ltig!';
-        $sql = sql::$db->query ("UPDATE `"._VMS_."_paidmails_empfaenger` SET `status` = 2 WHERE `tan` = ? and `uid` = ? LIMIT 1");
+        $sql = sql::$db->prepare ("UPDATE `"._VMS_."_paidmails_empfaenger` SET `status` = 2 WHERE `tan` = ? and `uid` = ? LIMIT 1");
         $sql -> execute(array($_GET['tan'], $_GET['uid']));
 	}
 }