- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_rallye_prices (rallye_id, price_level, points, info)
-VALUES ('%s', '%s', '%s', '%s')",
- array(
- bigintval($_GET['rallye']),
- bigintval($_POST['level']),
- $_POST['points'],
- $_POST['info']
-), __FILE__, __LINE__);
- LOAD_TEMPLATE("admin_settings_saved", false, RALLYE_PRICE_LEVEL_SAVED);
- }
- else
- {
+ SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_rallye_prices` (rallye_id, price_level, points, info)
+VALUES ('%s','%s','%s','%s')",
+ array(
+ bigintval(getRequestParameter('rallye')),
+ bigintval(postRequestParameter('level')),
+ postRequestParameter('points'),
+ postRequestParameter('info')
+ ), __FILE__, __LINE__);
+ loadTemplate('admin_settings_saved', false, getMessage('RALLYE_PRICE_LEVEL_SAVED'));
+ } else {