- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admins_acls (admin_id, action_menu, what_menu, access_mode)
-VALUES ('%s', '%s', '%s', '%s')",
- array(
- $_POST['admin_id'],
- $_POST['action_menu'],
- $_POST['what_menu'],
- $_POST['mode']
-), __FILE__, __LINE__);
- $content = ADMIN_ADMINS_ACL_SAVED;
+ SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_admins_acls` (admin_id, action_menu, what_menu, access_mode)
+VALUES ('%s','%s','%s','%s')",
+ array(
+ bigintval(REQUEST_POST('admin_id')),
+ REQUEST_POST('action_menu'),
+ REQUEST_POST('what_menu'),
+ REQUEST_POST('mode')
+ ), __FILE__, __LINE__);
+ $content = getMessage('ADMIN_ADMINS_ACL_SAVED');