function NICKNAME_IS_ACTIVE($uidNick)
{
$ret = false;
- $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE (userid=%d AND userid > 0 AND nickname != '') OR nickname='%s' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT userid FROM "._MYSQL_PREFIX."_user_data WHERE (userid=%d AND userid > 0) OR nickname='%s' LIMIT 1",
array(bigintval($uidNick), $uidNick), __FILE__, __LINE__);
// Check existence of nickname
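Review bot: With `nickname != ''` dropped from the id branch, the new query matches any existing account by numeric id whether or not it has a nickname, and the `OR nickname='%s'` branch still matches rows with an empty nickname when `$uidNick` is an empty string. If callers rely on this function to mean "this account has a usable nickname", the query no longer checks that; consider guarding the string branch, e.g. `OR (nickname='%s' AND nickname != '')`. The same input is used as both id and nickname, so a purely numeric nickname can resolve to a different account's id; a registration-time rule rejecting numeric-only nicknames, or a comment documenting the precedence, would remove that ambiguity. The function body continues outside the hunk, so how `$ret` is derived from the result is not visible here.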
VALUES ('%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', %d, %d, %d, '%s', %d, %d, %d, 'UNCONFIRMED', '%s', '%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP()".$ADD2.")",
array(
$countryRow,
- addslashes(substr($_POST['sex'], 0, 1)),
- addslashes($_POST['surname']),
- addslashes($_POST['family_name']),
- addslashes($_POST['street_nr']),
+ SQL_ESCAPE(substr($_POST['sex'], 0, 1)),
+ SQL_ESCAPE($_POST['surname']),
+ SQL_ESCAPE($_POST['family_name']),
+ SQL_ESCAPE($_POST['street_nr']),
$countryData,
bigintval($_POST['zip']),
- addslashes($_POST['city']),
- addslashes($_POST['addy']),
+ SQL_ESCAPE($_POST['city']),
+ SQL_ESCAPE($_POST['addy']),
bigintval($_POST['day']),
bigintval($_POST['month']),
bigintval($_POST['year']),
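Review bot: `$ADD2` is still concatenated straight into the statement text on the `VALUES` line, and `$countryRow` / `$countryData` enter the argument array without `SQL_ESCAPE()` while their neighbours now get it. Their construction is outside the hunk, so this may be fine, but anything derived from request data needs the same escaping, or an allow-list if it is used as a column name. The call consuming this array is also not visible. If it is `SQL_QUERY_ESC()`, which in the other hunk is handed a raw `$uidNick` and so appears to escape its arguments itself, the explicit `SQL_ESCAPE()` calls would double-escape and store literal backslashes; please confirm which wrapper is used.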