diff --git a/content/verdienen/paidmails.php b/content/verdienen/paidmails.php
index e78cfc34c5cf1af86ba16a26bc0d1432bf2785b7..8aae829756f2d7a27c49a80c1dd679e419cfab02 100644
--- a/content/verdienen/paidmails.php
+++ b/content/verdienen/paidmails.php
@@ -2,12 +2,14 @@
 userstatus();
 head("Paidmailhistory");
 
-$paidmails = sql::$db->query("SELECT
+$paidmails = sql::$db->prepare("SELECT
                 e.gueltig, e.tan, v.verdienst, v.beschreibung, v.mailtext, v.aufendhalt
                 FROM " . _VMS_ . "_paidmails_empfaenger e
                 LEFT JOIN " . _VMS_ . "_paidmails_versendet v ON v.tan = e.tan
-                WHERE e.uid=" . $_SESSION['uid'] . " && e.gueltig > " . time() . " && e.status=0
+                WHERE e.uid=:session_uid && e.gueltig > " . time() . " && e.status=0
                 LIMIT 10");
+$paidmails -> bindParam(':session_uid', $_SESSION['uid'], PDO::PARAM_INT);
+$paidmails -> execute();
 while ($mail = $paidmails->fetch() ) {
     echo '
     <table border="1" id="mail_' . $mail['tan'] . '" width="100%">
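Review bot: The new prepare()/bindParam()/execute() sequence never checks its results, so unless sql::$db is configured with PDO::ERRMODE_EXCEPTION a failed prepare() returns false and the following `->bindParam` call becomes a fatal error instead of a handled failure; either confirm that error mode is set where the connection is built or guard with `if ($paidmails === false || !$paidmails->execute()) { /* handle */ }`. The `time()` value still concatenated into the WHERE clause is an integer and not an injection risk, but binding it too would make the statement fully parameterised and simpler to audit: `WHERE e.uid=:session_uid && e.gueltig > :now && e.status=0` with `$paidmails->bindValue(':now', time(), PDO::PARAM_INT);`. bindParam binds by reference, so `$_SESSION['uid']` is read at execute() time rather than at bind time; that is harmless here, but `bindValue` states the intent more clearly for a value that is not meant to change. The `$mail['tan']` echoed into the `id` attribute on the last line is untouched context, yet it is a database value rendered unescaped; if tan is not guaranteed numeric it should go through `htmlspecialchars()`. The while loop body continues past the end of the hunk.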