diff options
author | Philip Häusler <msquare@notrademark.de> | 2014-12-28 13:44:56 +0100 |
---|---|---|
committer | Philip Häusler <msquare@notrademark.de> | 2014-12-28 13:44:56 +0100 |
commit | 6bede2fd229395f34c321a37efa2ea93e7b1a7ba (patch) | |
tree | a20c74d5bdddae9e1ec9a988e1ba468371a4a995 /includes/pages/admin_shifts.php | |
parent | a6ab81b834fe91b0f0704a7db33e377c8dc63a23 (diff) |
harden the sql queries
Diffstat (limited to 'includes/pages/admin_shifts.php')
-rw-r--r-- | includes/pages/admin_shifts.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/includes/pages/admin_shifts.php b/includes/pages/admin_shifts.php index 658605c1..5ff46fc9 100644 --- a/includes/pages/admin_shifts.php +++ b/includes/pages/admin_shifts.php @@ -143,7 +143,7 @@ function admin_shifts() { if ($ok) { if ($angelmode == 'location') { $needed_angel_types = array(); - $needed_angel_types_location = sql_select("SELECT * FROM `NeededAngelTypes` WHERE `room_id`=" . sql_escape($rid)); + $needed_angel_types_location = sql_select("SELECT * FROM `NeededAngelTypes` WHERE `room_id`='" . sql_escape($rid) . "'"); foreach ($needed_angel_types_location as $type) $needed_angel_types[$type['angel_type_id']] = $type['count']; } @@ -272,9 +272,9 @@ function admin_shifts() { engelsystem_log("Shift created: " . $shifttypes[$shift['shifttype_id']] . " with title " . $shift['title'] . " from " . date("Y-m-d H:i", $shift['start']) . " to " . date("Y-m-d H:i", $shift['end'])); $needed_angel_types_info = array(); foreach ($_SESSION['admin_shifts_types'] as $type_id => $count) { - $angel_type_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`=" . sql_escape($type_id) . " LIMIT 1"); + $angel_type_source = sql_select("SELECT * FROM `AngelTypes` WHERE `id`='" . sql_escape($type_id) . "' LIMIT 1"); if (count($angel_type_source) > 0) { - sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`=" . sql_escape($shift_id) . ", `angel_type_id`=" . sql_escape($type_id) . ", `count`=" . sql_escape($count)); + sql_query("INSERT INTO `NeededAngelTypes` SET `shift_id`='" . sql_escape($shift_id) . "', `angel_type_id`='" . sql_escape($type_id) . "', `count`='" . sql_escape($count) . "'"); $needed_angel_types_info[] = $angel_type_source[0]['name'] . ": " . $count; } } |