- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_data (sex, surname, family, street_nr, %s, zip, city, email, birth_day, birth_month, birth_year, password, max_mails, receive_mails, refid, status, user_hash, REMOTE_ADDR, joined, last_update".$ADD1.")
-VALUES ('%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', %d, %d, %d, '%s', %d, %d, %d, 'UNCONFIRMED', '%s', '%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP()".$ADD2.")",
-array(
- $countryRow,
- addslashes(substr($_POST['sex'], 0, 1)),
- addslashes($_POST['surname']),
- addslashes($_POST['family_name']),
- addslashes($_POST['street_nr']),
- $countryData,
- bigintval($_POST['zip']),
- addslashes($_POST['city']),
- addslashes($_POST['addy']),
- bigintval($_POST['day']),
- bigintval($_POST['month']),
- bigintval($_POST['year']),
- generateHash($_POST['pass1']),
- bigintval($_POST['max_mails']),
- bigintval($_POST['max_mails']),
- bigintval($_POST['refid']),
- $hash,
- getenv('REMOTE_ADDR'),
-), __FILE__, __LINE__);
+ SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_user_data` (gender, surname, family, street_nr,%s, zip, city, email, birth_day, birth_month, birth_year, password, max_mails, receive_mails, refid, status, user_hash, REMOTE_ADDR, joined, last_update".$ADD1.")
+VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONFIRMED','%s','%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP()".$ADD2.")",
+ array(
+ $countryRow,
+ substr(postRequestElement('gender'), 0, 1),
+ postRequestElement('surname'),
+ postRequestElement('family'),
+ postRequestElement('street_nr'),
+ $countryData,
+ bigintval(postRequestElement('zip')),
+ postRequestElement('city'),
+ postRequestElement('email'),
+ bigintval(postRequestElement('day')),
+ bigintval(postRequestElement('month')),
+ bigintval(postRequestElement('year')),
+ generateHash(postRequestElement('pass1')),
+ bigintval(postRequestElement('max_mails')),
+ bigintval(postRequestElement('max_mails')),
+ bigintval(postRequestElement('refid')),
+ $hash,
+ detectRemoteAddr(),
+ ), __FILE__, __LINE__);