summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorcookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8>2006-12-10 11:07:21 +0000
committercookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8>2006-12-10 11:07:21 +0000
commit4736d1eb9ee63f0bc3121e078e2c1ed6669f3fda (patch)
tree564a6893b78b7f804497a3144b4f1a4a7d4ad6d9
parentc31e620d2c12855255719cbbbd658af57c3a2070 (diff)
sql-injection beseitigt dank sven
git-svn-id: svn://svn.cccv.de/engel-system@203 29ba0400-6e00-0410-a75a-ca02368028f8
-rwxr-xr-xwww-ssl/makeuser.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/www-ssl/makeuser.php b/www-ssl/makeuser.php
index b7df67a0..c2b32077 100755
--- a/www-ssl/makeuser.php
+++ b/www-ssl/makeuser.php
@@ -56,7 +56,7 @@ if( isset($_POST["send"]))
"`Hometown`,". "`CreateDate` ) ".
"VALUES ( ".
"'". $_POST["Nick"]. "', ". "'". $_POST["Name"]. "', ".
- "'". $_POST["Vorname"]. "', ". $_POST["Alter"]. ", ".
+ "'". $_POST["Vorname"]. "', ". "'". $_POST["Alter"]. "', ".
"'". $_POST["Telefon"]. "', ". "'". $_POST["DECT"]. "', ".
"'". $_POST["Handy"]. "', ". "'". $_POST["email"]. "', ".
"'". $_POST["ICQ"]. "', ". "'". $_POST["jabber"]. "', ".
@@ -74,7 +74,7 @@ if( isset($_POST["send"]))
{
echo "<p class=\"important\">". Get_Text("makeuser_writeOK"). "\n";
- $SQL2 = "SELECT UID FROM `User` WHERE Nick='". $_POST["Nick"]. "';";
+ $SQL2 = "SELECT `UID` FROM `User` WHERE `Nick`='". $_POST["Nick"]. "';";
$Erg2 = mysql_query($SQL2, $con);
$Data = mysql_fetch_array($Erg2);