return sql_query("
      UPDATE `User` SET
      `Nick`='" . sql_escape($nick) . "',
      `Vorname`='" . sql_escape($prename) . "',
      `Name`='" . sql_escape($lastname) . "',