-$result = SQL_QUERY_ESC("SELECT gender, surname, family, (points_amount - points_used) AS points
-FROM `{!_MYSQL_PREFIX!}_sponsor_data`
-WHERE `id`='%s' AND password='%s' LIMIT 1",
-array(bigintval(getSession('sponsorid')), getSession('sponsorpass')), __FILE__, __LINE__);
-list($gender, $surname, $family, $points) = SQL_FETCHROW($result);
+$result = sqlQueryEscaped('SELECT
+ `id`,
+ `gender`,
+ `surname`,
+ `family`,
+ (`points_amount` - `points_used`) AS `points`
+FROM
+ `{?_MYSQL_PREFIX?}_sponsor_data`
+WHERE
+ `id`=%s
+LIMIT 1',
+ array(
+ bigintval(getSession('sponsor_id'))
+ ), __FILE__, __LINE__);
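Review bot: The new WHERE clause on the `{?_MYSQL_PREFIX?}_sponsor_data` lookup selects the row by `id` alone, whereas the removed query also required `password='%s'` to match the session value; nothing in the visible lines compares the password any more. If that comparison now happens before this point, a short comment above the call would make it explicit, e.g. `// Session password was already verified by <PLACEHOLDER: name of the check> before this lookup`; if it does not, the fetched row should not be trusted until the stored hash has been compared with the session's. The `%s` placeholder is also no longer quoted, so the statement stays well-formed only while `bigintval()` always yields a plain integer, which is worth stating next to the `array(` argument. The code that fetches and uses `$result` lies outside these lines, so the check may exist there.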