- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_pool (sender, subject, text, receivers, payment_id, data_type, timestamp, url, cat_id, target_send, zip, html_msg)
- VALUES ('%s', '%s', '%s', '%s', '%s', 'TEMP', '%s', '%s', '%s', '%s', '%s', '%s')",
-array(
- $GLOBALS['userid'],
- addslashes($_POST['subject']),
- addslashes($_POST['text']),
- $RECEIVER,
- bigintval($_POST['type']),
- $TIME,
- $_POST['url'],
- bigintval($_POST['cat']),
- $MAX_SEND,
- bigintval($_POST['zip']),
- $_POST['html']
-), __FILE__, __LINE__);
- }
- else
- {
+ SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_pool` (sender, subject, text, receivers, payment_id, data_type, timestamp, url, cat_id, target_send, zip, html_msg)
+ VALUES ('%s','%s','%s','%s','%s','TEMP','%s','%s','%s','%s','%s','%s')",
+ array(
+ getUserId(),
+ REQUEST_POST('subject'),
+ REQUEST_POST('text'),
+ $RECEIVER,
+ bigintval(REQUEST_POST('type')),
+ $TIME,
+ REQUEST_POST('url'),
+ bigintval(REQUEST_POST('cat')),
+ $MAX_SEND,
+ bigintval(REQUEST_POST('zip')),
+ REQUEST_POST('html')
+ ), __FILE__, __LINE__);
+ } else {