2 files changed, 38 insertions, 20 deletions

diff --git a/modules/user.module b/modules/user.module
index c04d0bcf1..7527b7794 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -161,17 +161,26 @@ function user_save($account, $array = array(), $category = 'account') {
     // fields from being saved there. We cannot invoke hook_user('insert') here
     // because we don't have a fully initialized user object yet.
     foreach ($array as $key => $value) {
-      if ($key == 'pass') {
-        $fields[] = $key;
-        $values[] = md5($value);
-        $s[] = "'%s'";
-      }
-      else if (substr($key, 0, 4) !== 'auth') {
-        if (in_array($key, $user_fields)) {
-          $fields[] = db_escape_string($key);
-          $values[] = $value;
+      switch($key) {
+        case 'pass':
+          $fields[] = $key;
+          $values[] = md5($value);
           $s[] = "'%s'";
-        }
+          break;          
+        case 'uid':        case 'mode':     case 'sort':
+        case 'threshold':  case 'created':  case 'access':
+        case 'login':      case 'status':
+          $fields[] = $key;
+          $values[] = $value;
+          $s[] = "%d";
+          break;
+        default:
+          if (substr($key, 0, 4) !== 'auth' && in_array($key, $user_fields)) {
+            $fields[] = $key;
+            $values[] = $value;
+            $s[] = "'%s'";
+          }
+          break;
       }
     }
     db_query('INSERT INTO {users} ('. implode(', ', $fields) .') VALUES ('. implode(', ', $s) .')', $values);
diff --git a/modules/user/user.module b/modules/user/user.module
index c04d0bcf1..7527b7794 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -161,17 +161,26 @@ function user_save($account, $array = array(), $category = 'account') {
     // fields from being saved there. We cannot invoke hook_user('insert') here
     // because we don't have a fully initialized user object yet.
     foreach ($array as $key => $value) {
-      if ($key == 'pass') {
-        $fields[] = $key;
-        $values[] = md5($value);
-        $s[] = "'%s'";
-      }
-      else if (substr($key, 0, 4) !== 'auth') {
-        if (in_array($key, $user_fields)) {
-          $fields[] = db_escape_string($key);
-          $values[] = $value;
+      switch($key) {
+        case 'pass':
+          $fields[] = $key;
+          $values[] = md5($value);
           $s[] = "'%s'";
-        }
+          break;          
+        case 'uid':        case 'mode':     case 'sort':
+        case 'threshold':  case 'created':  case 'access':
+        case 'login':      case 'status':
+          $fields[] = $key;
+          $values[] = $value;
+          $s[] = "%d";
+          break;
+        default:
+          if (substr($key, 0, 4) !== 'auth' && in_array($key, $user_fields)) {
+            $fields[] = $key;
+            $values[] = $value;
+            $s[] = "'%s'";
+          }
+          break;
       }
     }
     db_query('INSERT INTO {users} ('. implode(', ', $fields) .') VALUES ('. implode(', ', $s) .')', $values);