diff --git a/src/bnetd/storage_sql.cpp b/src/bnetd/storage_sql.cpp
index 1900c84..487de30 100644
--- a/src/bnetd/storage_sql.cpp
+++ b/src/bnetd/storage_sql.cpp
@@ -136,7 +136,7 @@ namespace pvpgn
 			user = xstrdup(username);
 			strtolower(user);
 			snprintf(query, sizeof(query), "SELECT count(*) FROM %sBNET WHERE username='%s'", tab_prefix, user);
-			eventlog(eventlog_level_trace, __FUNCTION__, query);
+			eventlog(eventlog_level_trace, __FUNCTION__, "%s", query);
 
 			if ((result = sql->query_res(query)) != NULL)
 			{
@@ -166,21 +166,21 @@ namespace pvpgn
 			info = xmalloc(sizeof(t_sql_info));
 			*((unsigned int *)info) = uid;
 			snprintf(query, sizeof(query), "DELETE FROM %sBNET WHERE " SQL_UID_FIELD " = '%u'", tab_prefix, uid);
-			eventlog(eventlog_level_trace, __FUNCTION__, query);
+			eventlog(eventlog_level_trace, __FUNCTION__, "%s", query);
 			sql->query(query);
 			snprintf(query, sizeof(query), "INSERT INTO %sBNET (" SQL_UID_FIELD ",username) VALUES('%u','%s')", tab_prefix, uid, user);
-			eventlog(eventlog_level_trace, __FUNCTION__, query);
+			eventlog(eventlog_level_trace, __FUNCTION__, "%s", query);
 			if (sql->query(query))
 			{
-				eventlog(eventlog_level_error, __FUNCTION__, "user insert failed (query: '%s')", query);
+				eventlog(eventlog_level_error, __FUNCTION__, "user insert failed (query: '%s')", "%s", query);
 				goto err_info;
 			}
 
 			snprintf(query, sizeof(query), "DELETE FROM %sprofile WHERE " SQL_UID_FIELD " = '%u'", tab_prefix, uid);
-			eventlog(eventlog_level_trace, __FUNCTION__, query);
+			eventlog(eventlog_level_trace, __FUNCTION__, "%s", query);
 			sql->query(query);
 			snprintf(query, sizeof(query), "INSERT INTO %sprofile (" SQL_UID_FIELD ") VALUES('%u')", tab_prefix, uid);
-			eventlog(eventlog_level_trace, __FUNCTION__, query);
+			eventlog(eventlog_level_trace, __FUNCTION__, "%s", query);
 			if (sql->query(query))
 			{
 				eventlog(eventlog_level_error, __FUNCTION__, "user insert failed (query: '%s')", query);
@@ -188,10 +188,10 @@ namespace pvpgn
 			}
 
 			snprintf(query, sizeof(query), "DELETE FROM %sRecord WHERE " SQL_UID_FIELD " = '%u'", tab_prefix, uid);
-			eventlog(eventlog_level_trace, __FUNCTION__, query);
+			eventlog(eventlog_level_trace, __FUNCTION__, "%s", query);
 			sql->query(query);
 			snprintf(query, sizeof(query), "INSERT INTO %sRecord (" SQL_UID_FIELD ") VALUES('%u')", tab_prefix, uid);
-			eventlog(eventlog_level_trace, __FUNCTION__, query);
+			eventlog(eventlog_level_trace, __FUNCTION__, "%s", query);
 			if (sql->query(query))
 			{
 				eventlog(eventlog_level_error, __FUNCTION__, "user insert failed (query: '%s')", query);
@@ -199,10 +199,10 @@ namespace pvpgn
 			}
 
 			snprintf(query, sizeof(query), "DELETE FROM %sfriend WHERE " SQL_UID_FIELD " = '%u'", tab_prefix, uid);
-			eventlog(eventlog_level_trace, __FUNCTION__, query);
+			eventlog(eventlog_level_trace, __FUNCTION__, "%s", query);
 			sql->query(query);
 			snprintf(query, sizeof(query), "INSERT INTO %sfriend (" SQL_UID_FIELD ") VALUES('%u')", tab_prefix, uid);
-			eventlog(eventlog_level_trace, __FUNCTION__, query);
+			eventlog(eventlog_level_trace, __FUNCTION__, "%s", query);
 			if (sql->query(query))
 			{
 				eventlog(eventlog_level_error, __FUNCTION__, "user insert failed (query: '%s')", query);
@@ -256,7 +256,7 @@ namespace pvpgn
 					continue;
 
 				snprintf(query, sizeof(query), "SELECT * FROM %s%s WHERE " SQL_UID_FIELD "='%u'", tab_prefix, *tab, uid);
-				eventlog(eventlog_level_trace, __FUNCTION__, query);
+				eventlog(eventlog_level_trace, __FUNCTION__, "%s", query);
 
 				if ((result = sql->query_res(query)) != NULL && sql->num_rows(result) == 1 && sql->num_fields(result) > 1)
 				{
@@ -461,14 +461,14 @@ namespace pvpgn
 
 				/* FIRST TIME UPDATE EACH ATTRIBUTE IN A SINGLE QUERY AND SAVE ATTRIBUTE NAME IN `knownattributes` */
 				snprintf(query, sizeof(query), "UPDATE %s%s SET `%s` = '%s' WHERE " SQL_UID_FIELD " = '%u'", tab_prefix, tab, col, escape, uid);
-				eventlog(eventlog_level_trace, "db_set", query);
+				eventlog(eventlog_level_trace, "db_set", "%s", query);
 
 				if (sql->query(query) || !sql->affected_rows()) {
 					char query2[512];
 
 					//	    eventlog(eventlog_level_debug, __FUNCTION__, "trying to insert new column %s", col);
 					snprintf(query2, sizeof(query2), "ALTER TABLE %s%s ADD COLUMN `%s` VARCHAR(128)", tab_prefix, tab, col);
-					eventlog(eventlog_level_trace, __FUNCTION__, query2);
+					eventlog(eventlog_level_trace, __FUNCTION__, "%s", query2);
 					
 					sql->query(query2);
 
@@ -477,7 +477,7 @@ namespace pvpgn
 					if (sql->query(query) || !sql->affected_rows()) {
 						// Tried everything, now trying to insert that user to the table for the first time
 						snprintf(query2, sizeof(query2), "INSERT INTO %s%s (" SQL_UID_FIELD ",`%s`) VALUES ('%u','%s')", tab_prefix, tab, col, uid, escape);
-						eventlog(eventlog_level_trace, __FUNCTION__, query2);
+						eventlog(eventlog_level_trace, __FUNCTION__, "%s", query2);
 						//              eventlog(eventlog_level_error, __FUNCTION__, "update failed so tried INSERT for the last chance");
 						if (sql->query(query2))
 						{
@@ -542,7 +542,7 @@ namespace pvpgn
 			else
 				snprintf(query, sizeof(query), "SELECT " SQL_UID_FIELD " FROM %sBNET WHERE " SQL_UID_FIELD " = '%u'", tab_prefix, uid);
 			
-			eventlog(eventlog_level_trace, __FUNCTION__, query);
+			eventlog(eventlog_level_trace, __FUNCTION__, "%s", query);
 
 			result = sql->query_res(query);
 			if (!result) {