if (isset($_POST['add'])) {
// Add a new category
$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_cats WHERE cat='%s' LIMIT 1",
- array(addslashes($_POST['catname'])), __FILE__, __LINE__);
+ array($_POST['catname']), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 0) {
// Category does not exists, we simply add it...
$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_cats (cat, visible, sort) VALUES ('%s','%s','%s')",
- array(addslashes($_POST['catname']), $_POST['visible'], bigintval($_POST['parent'] + 1)), __FILE__, __LINE__);
+ array($_POST['catname'], $_POST['visible'], bigintval($_POST['parent'] + 1)), __FILE__, __LINE__);
$content = "<SPAN class=\"admin_done\">".CATEGORY_ADDED."</SPAN>";
} else {
// Category does already exists