- $user_id=mysql_real_escape_string($_SESSION['user_id']);
- $user_name=mysql_real_escape_string($_SESSION['user_name']);
- $mail_name=mysql_real_escape_string($_POST['mail_to']);
+ $user_id=db_escape_string($_SESSION['user_id']);
+ $user_name=db_escape_string($_SESSION['user_name']);
+ $mail_name=db_escape_string($_POST['mail_to']);