- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admin_menu (action, what, title, descr, sort)
-VALUES('%s', '%s', '%s', '%s', '%s')",
- array(
- $_POST['menu'],
- $_POST['name'],
- $_POST['title'],
- addslashes($_POST['descr']),
- bigintval($_POST['sort']),
-), __FILE__, __LINE__);
- }
- else
- {
+ SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_admin_menu` (`action`,`what`,`title`,`descr`,`sort`) VALUES ('%s','%s','%s','%s','%s')",
+ array(
+ postRequestParameter('menu'),
+ postRequestParameter('name'),
+ postRequestParameter('title'),
+ postRequestParameter('descr'),
+ bigintval(postRequestParameter('sort')),
+ ), __FILE__, __LINE__
+ );
+ } else {