Unnessarry addslashes() and SQL_ESCAPE() removed, some added, some bigintval() added

[mailer.git] / inc / modules / member / what-transfer.php

diff --git a/inc/modules/member/what-transfer.php b/inc/modules/member/what-transfer.php
index 0a108622de869f7075540e24e8504ec657d1f407..c7130ff3deb2a2add9122177e6be739aa046b70a 100644 (file)
--- a/inc/modules/member/what-transfer.php
+++ b/inc/modules/member/what-transfer.php
@@ -185,11 +185,11 @@ case "new": // Start new transfer
 
                        // Add entries to both tables
                        $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_transfers_in (userid, from_uid, points, reason, time_trans, trans_id) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP(),'%s')",
-                        array(bigintval($_POST['to_uid']), $GLOBALS['userid'], bigintval($_POST['points']), addslashes($_POST['reason']), __TRANS_ID),
-                        __FILE__, __LINE__);
+                               array(bigintval($_POST['to_uid']), $GLOBALS['userid'], bigintval($_POST['points']), $_POST['reason'], __TRANS_ID),
+                               __FILE__, __LINE__);
                        $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_user_transfers_out (userid, to_uid, points, reason, time_trans, trans_id) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP(),'%s')",
-                        array($GLOBALS['userid'], bigintval($_POST['to_uid']), bigintval($_POST['points']), addslashes($_POST['reason']), __TRANS_ID),
-                        __FILE__, __LINE__);
+                               array($GLOBALS['userid'], bigintval($_POST['to_uid']), bigintval($_POST['points']), $_POST['reason'], __TRANS_ID),
+                               __FILE__, __LINE__);
 
                        // Add points to account *directly* ...
                        ADD_POINTS_REFSYSTEM(bigintval($_POST['to_uid']), bigintval($_POST['points']), false, "0", false, "direct");