} // END - if
// Add record entry here
- SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_user_booking` (`userid`, `subject`, `points_mode`, `points_account_type`, `points`) VALUES (%s, '%s', '%s', '%s', %s)",
+ sqlQueryEscaped("INSERT INTO `{?_MYSQL_PREFIX?}_user_booking` (`userid`, `subject`, `points_mode`, `points_account_type`, `points`) VALUES (%s, '%s', '%s', '%s', %s)",
array(
bigintval($userid),
$subject,