diff options
author | cookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8> | 2006-12-10 11:07:21 +0000 |
---|---|---|
committer | cookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8> | 2006-12-10 11:07:21 +0000 |
commit | 4736d1eb9ee63f0bc3121e078e2c1ed6669f3fda (patch) | |
tree | 564a6893b78b7f804497a3144b4f1a4a7d4ad6d9 | |
parent | c31e620d2c12855255719cbbbd658af57c3a2070 (diff) |
sql-injection beseitigt dank sven
git-svn-id: svn://svn.cccv.de/engel-system@203 29ba0400-6e00-0410-a75a-ca02368028f8
-rwxr-xr-x | www-ssl/makeuser.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/www-ssl/makeuser.php b/www-ssl/makeuser.php index b7df67a0..c2b32077 100755 --- a/www-ssl/makeuser.php +++ b/www-ssl/makeuser.php @@ -56,7 +56,7 @@ if( isset($_POST["send"])) "`Hometown`,". "`CreateDate` ) ". "VALUES ( ". "'". $_POST["Nick"]. "', ". "'". $_POST["Name"]. "', ". - "'". $_POST["Vorname"]. "', ". $_POST["Alter"]. ", ". + "'". $_POST["Vorname"]. "', ". "'". $_POST["Alter"]. "', ". "'". $_POST["Telefon"]. "', ". "'". $_POST["DECT"]. "', ". "'". $_POST["Handy"]. "', ". "'". $_POST["email"]. "', ". "'". $_POST["ICQ"]. "', ". "'". $_POST["jabber"]. "', ". @@ -74,7 +74,7 @@ if( isset($_POST["send"])) { echo "<p class=\"important\">". Get_Text("makeuser_writeOK"). "\n"; - $SQL2 = "SELECT UID FROM `User` WHERE Nick='". $_POST["Nick"]. "';"; + $SQL2 = "SELECT `UID` FROM `User` WHERE `Nick`='". $_POST["Nick"]. "';"; $Erg2 = mysql_query($SQL2, $con); $Data = mysql_fetch_array($Erg2); |