- if (!empty($SUB)) $AND = "action='".$SUB."'";
- switch ($_POST['ok'])
- {
- case "edit": // Edit menu
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET title='%s', action='%s', what='%s', descr='%s' WHERE ".$AND." AND id=%s LIMIT 1",
- array($menu, $_POST['sel_act'][$sel], $_POST['sel_what'][$sel], $_POST['sel_descr'][$sel], $sel), __FILE__, __LINE__);
- break;
+ if (!empty($SUB)) $AND = "`action`='".$SUB."'";
+ switch (postRequestElement('ok')) {
+ case 'edit': // Edit menu
+ SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_member_menu` SET `title`='%s', `action`='%s', `what`='%s' WHERE ".$AND." AND `id`=%s LIMIT 1",
+ array($menu, postRequestElement('sel_act', $sel), postRequestElement('sel_what', $sel), $sel), __FILE__, __LINE__);
+ break;