- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_rallye_prices (rallye_id, price_level, points, info)
-VALUES ('%s','%s','%s','%s')",
- array(
- bigintval($_GET['rallye']),
- bigintval($_POST['level']),
- $_POST['points'],
- $_POST['info']
-), __FILE__, __LINE__);
- LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_PRICE_LEVEL_SAVED);
- }
- else
- {
+ SQL_QUERY_ESC("INSERT INTO
+ `{?_MYSQL_PREFIX?}_rallye_prices`
+(`rallye_id`, `price_level`, `points`, `info`)
+ VALUES
+(%s, %s, '%s', '%s')",
+ array(
+ bigintval(getRequestParameter('rallye')),
+ bigintval(postRequestParameter('level')),
+ postRequestParameter('points'),
+ postRequestParameter('info')
+ ), __FILE__, __LINE__);
+ displayMessage('{--RALLYE_PRICE_LEVEL_SAVED--}');
+ } else {