- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_data (sex, surname, family, street_nr, %s, zip, city, email, birth_day, birth_month, birth_year, password, max_mails, receive_mails, refid, status, user_hash, REMOTE_ADDR, joined, last_update".$ADD1.")
-VALUES ('%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', %d, %d, %d, '%s', %d, %d, %d, 'UNCONFIRMED', '%s', '%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP()".$ADD2.")",
-array(
- $countryRow,
- SQL_ESCAPE(substr($_POST['sex'], 0, 1)),
- SQL_ESCAPE($_POST['surname']),
- SQL_ESCAPE($_POST['family_name']),
- SQL_ESCAPE($_POST['street_nr']),
- $countryData,
- bigintval($_POST['zip']),
- SQL_ESCAPE($_POST['city']),
- SQL_ESCAPE($_POST['addy']),
- bigintval($_POST['day']),
- bigintval($_POST['month']),
- bigintval($_POST['year']),
- generateHash($_POST['pass1']),
- bigintval($_POST['max_mails']),
- bigintval($_POST['max_mails']),
- bigintval($_POST['refid']),
- $hash,
- getenv('REMOTE_ADDR'),
-), __FILE__, __LINE__);
+ SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_user_data` (gender, surname, family, street_nr,%s, zip, city, email, birth_day, birth_month, birth_year, password, max_mails, receive_mails, refid, status, user_hash, REMOTE_ADDR, joined, last_update".$ADD1.")
+VALUES ('%s','%s','%s','%s','%s',%s,'%s','%s',%s, %s,%s,'%s',%s, %s,'%s','UNCONFIRMED','%s','%s', UNIX_TIMESTAMP(), UNIX_TIMESTAMP()".$ADD2.")",
+ array(
+ $countryRow,
+ substr(REQUEST_POST('gender'), 0, 1),
+ REQUEST_POST('surname'),
+ REQUEST_POST('family'),
+ REQUEST_POST('street_nr'),
+ $countryData,
+ bigintval(REQUEST_POST('zip')),
+ REQUEST_POST('city'),
+ REQUEST_POST('addy'),
+ bigintval(REQUEST_POST('day')),
+ bigintval(REQUEST_POST('month')),
+ bigintval(REQUEST_POST('year')),
+ generateHash(REQUEST_POST('pass1')),
+ bigintval(REQUEST_POST('max_mails')),
+ bigintval(REQUEST_POST('max_mails')),
+ bigintval(REQUEST_POST('refid')),
+ $hash,
+ GET_REMOTE_ADDR(),
+ ), __FILE__, __LINE__);