Always use Drupal db_query and parameters

From AstBillWiki

Company name: Lia's Computerhouse

// Wrong: the values are interpolated straight into the SQL string.
db_query("UPDATE ".$astdb."astuser set lastname = '$res->company', partnerid = $res->pid, firstname = '$newuser->name',
mobile = '$res->mobile' WHERE uid = $newuser->uid");

// Right: placeholders in the SQL, the values passed as arguments to db_query().
db_query("UPDATE ".$astdb."astuser set lastname = '%s', partnerid = %d, firstname = '%s', mobile = '%s'
WHERE uid = %d", $res->company, $res->pid, $newuser->name, $res->mobile, $newuser->uid);

Can you see the difference between these two code lines when the customer is
Lia's Computerhouse?
We must always use %s (or %d) placeholders and pass the data as parameters to db_query(),
because the first line gets a SQL error from the ' in the company name, while the second line escapes the value and everything works.
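To make the difference visible without a Drupal installation, here is an added example (not code from the AstBill wiki or from Drupal itself). It runs the page's two query styles against a constructed customer record whose company name contains a single quote, and emulates Drupal 6's %s/%d placeholder substitution with a small build_query() helper; the escape rule and the helper are assumptions standing in for Drupal's own db_escape_string() and db_query(). Besides the SQL error the page describes, the interpolated form lets a quote in any field change the statement's meaning, which is the same weakness SQL injection relies on; the parameterized form removes it.

```php
<?php
// Added example, not code from the AstBill wiki or from Drupal itself.
// It reproduces the page's two db_query() styles against a constructed
// customer record whose company name contains a single quote, and emulates
// Drupal 6's %s/%d placeholder substitution so the script runs without Drupal.

// Constructed sample data standing in for $res / $newuser on the wiki page.
$astdb   = 'astbill.';
$res     = (object) ['company' => "Lia's Computerhouse", 'pid' => 42, 'mobile' => '0123456789'];
$newuser = (object) ['name' => 'lia', 'uid' => 7];

// Minimal escape for string placeholders (assumption: Drupal 6 delegates this
// to db_escape_string(), which calls the database driver's escape function).
function escape_string(string $value): string {
    return str_replace(["\\", "'"], ["\\\\", "\\'"], $value);
}

// Emulation of Drupal 6 db_query() placeholder handling: %s is escaped,
// %d is cast to an integer, and each is replaced by the next argument in order.
function build_query(string $sql, array $args): string {
    $i = 0;
    return preg_replace_callback('/%([sd])/', function (array $m) use (&$i, $args): string {
        $arg = $args[$i++];
        return $m[1] === 'd' ? (string) (int) $arg : escape_string((string) $arg);
    }, $sql);
}

// Crude well-formedness check: count single quotes that are not escaped by a
// backslash. A balanced statement has an even number; the interpolated one does not.
function unescaped_quote_count(string $sql): int {
    return preg_match_all("/(?<!\\\\)'/", $sql);
}

// Style 1 from the page: values interpolated directly into the SQL string.
$unsafe = "UPDATE " . $astdb . "astuser set lastname = '$res->company', partnerid = $res->pid, "
        . "firstname = '$newuser->name', mobile = '$res->mobile' WHERE uid = $newuser->uid";

// Style 2 from the page: placeholders, with the values passed as parameters.
$safe = build_query(
    "UPDATE " . $astdb . "astuser set lastname = '%s', partnerid = %d, firstname = '%s', mobile = '%s' WHERE uid = %d",
    [$res->company, $res->pid, $newuser->name, $res->mobile, $newuser->uid]
);

echo "Interpolated:  $unsafe\n";
echo "  unescaped quotes: " . unescaped_quote_count($unsafe) . " (odd, the statement is broken at \"Lia's\")\n";
echo "Parameterized: $safe\n";
echo "  unescaped quotes: " . unescaped_quote_count($safe) . " (even, the quote is escaped as \\')\n";
```

Run it with `php example.php`: the interpolated statement contains seven unescaped quotes and the parameterized one six, because build_query() turned `Lia's` into `Lia\'s` and cast partnerid through %d. The same rule applies to every field, not just the company name; the one the customer happens to trip over is simply the first one a quote landed in. Drupal 7 and later replaced the %s/%d style with named placeholders such as `:uid`, but the principle on this page is unchanged: the SQL text and the data are handed to db_query() separately.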