- SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_user_booking` (`userid`,`subject`,`mode`,`points`) VALUES (%s,'%s','%s',%s)",
+ sqlQueryEscaped("INSERT INTO `{?_MYSQL_PREFIX?}_user_booking` (`userid`, `subject`, `points_mode`, `points_account_type`, `points`) VALUES (%s, '%s', '%s', '%s', %s)",