diff --git a/GameEngine/Admin/Mods/medals.php b/GameEngine/Admin/Mods/medals.php
index b5b8cd04..b332d972 100755
--- a/GameEngine/Admin/Mods/medals.php
+++ b/GameEngine/Admin/Mods/medals.php
@@ -40,10 +40,12 @@ elseif(isset($_POST['userid']) && !empty($_POST['userid']) && is_numeric($_POST[
 mysqli_query($database->dblink, "UPDATE ".TB_PREFIX."medal set del = 1 WHERE userid = ".$userID."");
 }
-$admidID = (int) $_SESSION['id'];
-$name = $database->getUserField($adminID, "name", 0);
+$admid = (int) $_SESSION['id'];
+$uid = (int) ($_POST['uid'] ?? 0);
+$name = $database->escape((string) $database->getUserField($uid, "username", 0));
+$medalLogId = isset($medalID) ? $medalID : 0;
 //TODO: Make a dedicated method for logging
-mysqli_query($database->dblink, "INSERT INTO ".TB_PREFIX."admin_log values (0, $admid, 'Deleted medal id [#".$medalid."] from the user $name ',".time().")");
+mysqli_query($database->dblink, "INSERT INTO ".TB_PREFIX."admin_log values (0, $admid, 'Deleted medal id [#".$medalLogId."] from the user $name ',".time().")");
-header("Location: ../../../Admin/admin.php?p=player&uid=".$_POST['uid']."");
+header("Location: ../../../Admin/admin.php?p=player&uid=".$uid);
 ?>
\ No newline at end of file
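Review bot: `$medalLogId = isset($medalID) ? $medalID : 0;` is concatenated into the quoted text of the `admin_log` INSERT with neither a cast nor escaping, unlike `$admid`, `$uid` and `$name`, which the same change casts or escapes. The assignment of `$medalID` is outside the hunk, so unless it is already forced to an integer there, cast it here: `$medalLogId = isset($medalID) ? (int) $medalID : 0;`. The `elseif` branch in the hunk header works from `$_POST['userid']` / `$userID`, while the log entry reads the user from `$_POST['uid']` and falls back to medal id 0, so a delete-all-by-user action may be recorded as medal #0 with an empty user name; that weakens the audit trail and is worth confirming against the callers. When the TODO's dedicated logging method is written, bind these values through a prepared statement and check the query result so a failed audit write does not pass silently.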