SQL Injection…
$update = sql_query("update ".$pixelpost_db_prefix."config set resizeimage='".$_POST['new_resizeimage']
    ."', maximagesize='".$_POST['new_image_sz']
    ."', imagejpgcompression='".$_POST['new_image_quality']
    ."' where admin='".$cfgrow['admin']."'");
This request fails if there is a « ' » in the admin nickname.
The $_POST variables are concatenated into the query without any escaping or validation (security issue: SQL injection).
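The report above is about PHP; the following Python/sqlite3 script is an added example (not Pixelpost's code) that reproduces the same pattern so the failure and the fix can be run side by side. The table name `pixelpost_config`, the admin nickname `O'Brien`, and the sample form values are constructed for the demonstration. `concat_update_succeeds` builds the query by string concatenation exactly as the page's snippet does and fails on the quote in the nickname; `update_param` uses a parameterized query, and `validate_post` restricts the three numeric form fields to non-negative integers before they reach the database.

```python
import sqlite3

# Form fields the page's query reads from $_POST (all numeric settings).
FIELDS = ("new_resizeimage", "new_image_sz", "new_image_quality")


def make_db():
    """In-memory stand-in for the config table; the row is constructed sample data."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE pixelpost_config ("
        "admin TEXT PRIMARY KEY, resizeimage INTEGER, "
        "maximagesize INTEGER, imagejpgcompression INTEGER)"
    )
    # Admin nickname containing a quote, the case the report describes.
    con.execute("INSERT INTO pixelpost_config VALUES (?, ?, ?, ?)", ("O'Brien", 0, 0, 0))
    con.commit()
    return con


def config_for(con, admin):
    """Return (resizeimage, maximagesize, imagejpgcompression) for one admin row."""
    return con.execute(
        "SELECT resizeimage, maximagesize, imagejpgcompression "
        "FROM pixelpost_config WHERE admin = ?",
        (admin,),
    ).fetchone()


def concat_update_succeeds(con, post, admin):
    """The page's pattern: values spliced straight into the SQL text.

    Returns False when SQLite rejects the statement (e.g. a quote in `admin`
    terminates the string literal early and the rest is a syntax error).
    """
    sql = (
        "UPDATE pixelpost_config SET resizeimage='" + post["new_resizeimage"]
        + "', maximagesize='" + post["new_image_sz"]
        + "', imagejpgcompression='" + post["new_image_quality"]
        + "' WHERE admin='" + admin + "'"
    )
    try:
        con.execute(sql)
        con.commit()
        return True
    except sqlite3.OperationalError:
        con.rollback()
        return False


def validate_post(post):
    """Allowlist the expected fields and coerce each to a non-negative int.

    Rejecting anything that is not digits also removes quotes, comment
    sequences and other SQL metacharacters from the request data.
    """
    cleaned = {}
    for key in FIELDS:
        value = str(post.get(key, "")).strip()
        if not value.isdigit():
            raise ValueError(f"{key} must be a non-negative integer, got {value!r}")
        cleaned[key] = int(value)
    return cleaned


def is_valid_post(post):
    """Boolean wrapper around validate_post for callers that just need a check."""
    try:
        validate_post(post)
        return True
    except ValueError:
        return False


def update_param(con, post, admin):
    """The fix: placeholders carry the values, so a quote in `admin` is just data."""
    clean = validate_post(post)
    con.execute(
        "UPDATE pixelpost_config SET resizeimage = ?, maximagesize = ?, "
        "imagejpgcompression = ? WHERE admin = ?",
        (clean["new_resizeimage"], clean["new_image_sz"], clean["new_image_quality"], admin),
    )
    con.commit()
    return config_for(con, admin)


if __name__ == "__main__":
    db = make_db()
    form = {"new_resizeimage": "1", "new_image_sz": "800", "new_image_quality": "80"}
    print("concatenated query ok:", concat_update_succeeds(db, form, "O'Brien"))
    print("parameterized query ->", update_param(db, form, "O'Brien"))
```

Run as a script, the concatenated version reports `False` for the quoted nickname and leaves the row untouched, while the parameterized version updates the same row without any escaping code. In PHP the equivalent is a prepared statement (PDO or mysqli with bound parameters) plus an integer cast on the three form fields.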