- SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_rallye_data` (admin_id, title, descr, template, start_time, end_time, auto_add_new_user, is_active, send_notify)
-VALUES ('%s','%s','%s','%s','%s','%s','%s','%s','%s')",
- array(
- GET_CURRENT_ADMIN_ID(),
- $_POST['title'],
- $_POST['descr'],
- $_POST['template'],
- $START,
- $END,
- $_POST['auto_add'],
- $_POST['active'],
- $_POST['notify'],
-), __FILE__, __LINE__);
+ SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_rallye_data` (`admin_id`,`title`,`descr`, template, `start_time`,`end_time`,`auto_add_new_user`,`is_active`,`send_notify`)
+VALUES (%s,'%s','%s','%s',%s,%s,'%s','%s','%s')",
+ array(
+ getCurrentAdminId(),
+ postRequestParameter('title'),
+ postRequestParameter('descr'),
+ postRequestParameter('template'),
+ $START,
+ $END,
+ postRequestParameter('auto_add'),
+ postRequestParameter('active'),
+ postRequestParameter('notify'),
+ ), __FILE__, __LINE__);
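Review bot: The new VALUES list drops the quotes around the placeholders for `admin_id`, `start_time` and `end_time` (`%s` instead of `'%s'`), so any string escaping done by SQL_QUERY_ESC no longer confines those three values and a non-numeric value would be parsed as SQL. `$START` and `$END` are assigned outside this hunk, so it cannot be confirmed here that they are always integers. If they derive from request fields, force them numeric at the call site, e.g. `(int) $START,` and `(int) $END,`, or keep the quoted `'%s'` form. Separately, `template` is the only column left without backticks in the new column list. The enclosing function starts and ends outside the hunk.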