while we register at our forum at the same time i need to insert into another db username password and e-mail variables typed by user at forum register page

how can i do it?

mysql_query("INSERT INTO users (username, password, email,) VALUES (
'" $vbulletin->GPC['username'] "', '" $vbulletin->GPC['password_md5'] "', '" $vbulletin->GPC['email'] "')") or die(mysql_error());


this code is wrong... which variables i need to use?

I do something similar on my site. I use the "register_addmember_complete" plugin.
$db->query_write("INSERT INTO users (username, password, email) VALUES (
'" . addslashes(htmlspecialchars_uni($vbulletin->GPC['username'])) . "', '" . addslashes(htmlspecialchars_uni($vbulletin->GPC['password_md5'])) . "', '" . addslashes(htmlspecialchars_uni($vbulletin->GPC['email'])) . "')");

Perhaps that will work for you.

thx a lot, btw where i can find "register_addmember_complete" plugin?

thx a lot, btw where i can find "register_addmember_complete" plugin?
Whoops, I mean I used that hook for my plugin. Sorry for the confusion. What hook are you using?

i found a bit info about hooks and found "register_addmember_complete" in my register.php file. can u explain me how it can help me to done my db query with an example please?

Use $db->escape_string() instead of addslashes().

i found a bit info about hooks and found "register_addmember_complete" in my register.php file. can u explain me how it can help me to done my db query with an example please?
You add a plugin through the Admin CP at the specified hook. Simple.

Use $db->escape_string() instead of addslashes().
So this instead?

$db->query_write("INSERT INTO users (username, password, email) VALUES (
'" . $db->escape_string(htmlspecialchars_uni($vbulletin->GPC['username'])) . "', '" . $db->escape_string(htmlspecialchars_uni($vbulletin->GPC['password_md5'])) . "', '" . $db->escape_string(htmlspecialchars_uni($vbulletin->GPC['email'])) . "')");
I know I read somewhere else about not using addslashes any longer, but what is the rational behind that - do you remember?

mysql_real_escape_string() runs MySQL's own function, which escapes what MySQL needs escaped. addslashes() only escapes what PHP needs escaped.

Also, addslashes() has been removed from PHP 6.