Index: scripts/createbanner.php =================================================================== --- scripts/createbanner.php (revision 290) +++ scripts/createbanner.php (working copy) @@ -56,8 +56,10 @@ return $e; } -extract($_GET); -if (isset($id)) { +if (isset($_GET['id']) && is_int($_GET['id'])) { + + $id = mysql_real_escape_string($_GET['id']); + // Parameters header ("Content-type: image/png"); $image = imagecreatefrompng($game_config['banner_source_post']);
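Review bot: `is_int($_GET['id'])` in the new condition can never be true, because query-string values reach PHP as strings (or arrays), so the banner branch is now skipped for every request. Validate the value as an integer instead, e.g. `$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);` followed by `if ($id !== null && $id !== false) {`. With a validated integer the `mysql_real_escape_string()` call is unnecessary; it needs an open connection and only protects a value placed inside a quoted SQL literal, and the query that uses `$id` is not visible in this hunk. The body of the `if` continues past the hunk, so any other variable it previously received from the removed `extract($_GET)` should be checked and read explicitly from `$_GET` with its own validation.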