more fixes

[mailer.git] / inc / modules / guest / what-register.php

diff --git a/inc/modules/guest/what-register.php b/inc/modules/guest/what-register.php
index 39f60d12e091c24c15dd2bc1e2c50c9d3882494a..541575379cc3caea5ed9b2973ca7974e2b7846eb 100644 (file)
--- a/inc/modules/guest/what-register.php
+++ b/inc/modules/guest/what-register.php
@@ -238,14 +238,14 @@ if ((isset($_POST['ok'])) && (!$FAILED))
 VALUES ('%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', %d, %d, %d, '%s', %d, %d, %d, 'UNCONFIRMED', '%s', '%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP()".$ADD2.")",
 array(
        $countryRow,
-       addslashes(substr($_POST['sex'], 0, 1)),
-       addslashes($_POST['surname']),
-       addslashes($_POST['family_name']),
-       addslashes($_POST['street_nr']),
+       SQL_ESCAPE(substr($_POST['sex'], 0, 1)),
+       SQL_ESCAPE($_POST['surname']),
+       SQL_ESCAPE($_POST['family_name']),
+       SQL_ESCAPE($_POST['street_nr']),
        $countryData,
        bigintval($_POST['zip']),
-       addslashes($_POST['city']),
-       addslashes($_POST['addy']),
+       SQL_ESCAPE($_POST['city']),
+       SQL_ESCAPE($_POST['addy']),
        bigintval($_POST['day']),
        bigintval($_POST['month']),
        bigintval($_POST['year']),