X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fwhat-guest_add.php;h=863931eb6117c108f720ed8bac96c14e64b2675e;hb=22a33b87f9894a94efb71de7630f12129e34f83b;hp=e5f22c6b9dd8f6f77627f461fc5934fc789eb58d;hpb=80e2def8ef2125fd4d7d1312ee3993ab613f0846;p=mailer.git

diff --git a/inc/modules/admin/what-guest_add.php b/inc/modules/admin/what-guest_add.php
index e5f22c6b9d..863931eb61 100644
--- a/inc/modules/admin/what-guest_add.php
+++ b/inc/modules/admin/what-guest_add.php
@@ -32,13 +32,13 @@
  ************************************************************************/
 
 // Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
-{
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
 	require($INC);
 }
+
 // Add description as navigation point
-ADD_DESCR("admin", basename(__FILE__));
+ADD_DESCR("admin", __FILE__);
 
 // Check if the admin has entered title and what-php file name...
 if (((empty($_POST['title'])) || (empty($_POST['menu']))) && (isset($_POST['ok'])))
@@ -52,7 +52,7 @@ if (!isset($_POST['ok']))
 	$menus = array(); $titles = array(); $below = array();
 
 	// Get all available main menus
-	$result = SQL_QUERY("SELECT action, title, sort FROM "._MYSQL_PREFIX."_guest_menu WHERE (what='' OR what IS NULL) ORDER BY sort", __FILE__, __LINE__);
+	$result = SQL_QUERY("SELECT action, title, sort FROM `"._MYSQL_PREFIX."_guest_menu` WHERE (what='' OR what IS NULL) ORDER BY sort", __FILE__, __LINE__);
 	if (SQL_NUMROWS($result) > 0)
 	{
 		// Read menu structure
@@ -92,7 +92,7 @@ if (!isset($_POST['ok']))
 		{
 			$result = SQL_QUERY_ESC("SELECT what, title, sort
 FROM "._MYSQL_PREFIX."_guest_menu
-WHERE action='%s' AND what != '' ORDER BY sort",
+WHERE action='%s' AND what != '' AND what IS NOT NULL ORDER BY sort",
  array(bigintval($value_main)), __FILE__, __LINE__);
 			if (SQL_NUMROWS($result) > 0)
 			{
@@ -175,9 +175,7 @@ WHERE action='%s' AND what != '' ORDER BY sort",
 	// Insert new menu entry
 	if (!empty($_POST['menu']))
 	{
-		$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_guest_menu
-(action, what, title, sort, visible, locked)
-VALUES('%s', '%s', '%s', '%s', '%s', '%s')",
+		$result = SQL_QUERY_ESC("INSERT INTO `"._MYSQL_PREFIX."_guest_menu` (`action`,`what`,`title`,`sort`,`visible`,`locked`) VALUES ('%s','%s','%s','%s','%s','%s')",
  array(
 	$_POST['menu'],
 	$_POST['name'],
@@ -189,9 +187,7 @@ VALUES('%s', '%s', '%s', '%s', '%s', '%s')",
 	}
 	 else
 	{
-		$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_guest_menu
-(action, title, sort, visible, locked)
-VALUES('%s', '%s', '%s', '%s', '%s')",
+		$result = SQL_QUERY_ESC("INSERT INTO `"._MYSQL_PREFIX."_guest_menu` (action, title, sort, visible, locked) VALUES ('%s','%s','%s','%s','%s')",
  array(
 	$_POST['name'],
 	$_POST['title'],