diff --git a/server.py b/server.py
index dde9977c0cd31f880bf177c9086f4897a01e1342..db58e4ae57d7e1f20768a99f37d3ef4e9113dd3f 100644
--- a/server.py
+++ b/server.py
@@ -275,11 +275,9 @@ def edit(prefix='', ignore=[]):
 	if not prefix and 'prefix' in request.args:
 		prefix = request.args['prefix']
 	modify('BEGIN')
+	changes = request.values.items()
 	if request.is_json:
 		changes = request.get_json().items()
-	else:
-		changes = request.args.items()
-	created = {}
 	for key, val in changes:
 		if key in ignore:
 			continue
@@ -299,9 +297,19 @@ def edit(prefix='', ignore=[]):
 @mod_required
 def create(table):
 	assert table in tabs
-	id = modify('INSERT INTO %s (created_by, time_created, time_updated) VALUES (?, ?, ?)'%tabs[table][0],
-			session['user']['dbid'], datetime.now(), datetime.now())
-	edit(prefix=table+'.'+str(id)+'.')
+	columns = ['created_by', 'time_created', 'time_updated']
+	values = [session['user']['dbid'], datetime.now(), datetime.now()]
+	args = request.values
+	if request.is_json:
+		args = request.get_json()
+	for column, val in args.items():
+		if column == 'ref':
+			continue
+		assert column in tabs[table][2]
+		columns.append(column)
+		values.append(val)
+	id = modify('INSERT INTO %s (%s) VALUES (%s)'%(tabs[table][0],
+				','.join(columns), ','.join(['?']*len(values))), *values)
 	if 'ref' in request.values:
 		return redirect(request.values['ref'])
 	return str(id), 200