summaryrefslogtreecommitdiff
path: root/includes/pages/user_settings.php
diff options
context:
space:
mode:
authorPhilip Häusler <msquare@notrademark.de>2014-12-28 13:44:56 +0100
committerPhilip Häusler <msquare@notrademark.de>2014-12-28 13:44:56 +0100
commit6bede2fd229395f34c321a37efa2ea93e7b1a7ba (patch)
treea20c74d5bdddae9e1ec9a988e1ba468371a4a995 /includes/pages/user_settings.php
parenta6ab81b834fe91b0f0704a7db33e377c8dc63a23 (diff)
harden the sql queries
Diffstat (limited to 'includes/pages/user_settings.php')
-rw-r--r--includes/pages/user_settings.php8
1 files changed, 4 insertions, 4 deletions
diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php
index 0d569661..20ed3468 100644
--- a/includes/pages/user_settings.php
+++ b/includes/pages/user_settings.php
@@ -82,11 +82,11 @@ function user_settings() {
`DECT`='" . sql_escape($dect) . "',
`Handy`='" . sql_escape($mobile) . "',
`email`='" . sql_escape($mail) . "',
- `email_shiftinfo`=" . sql_escape($email_shiftinfo ? 'TRUE' : 'FALSE') . ",
+ `email_shiftinfo`='" . sql_escape($email_shiftinfo ? 'TRUE' : 'FALSE') . "',
`jabber`='" . sql_escape($jabber) . "',
`Size`='" . sql_escape($tshirt_size) . "',
`Hometown`='" . sql_escape($hometown) . "'
- WHERE `UID`=" . sql_escape($user['UID']));
+ WHERE `UID`='" . sql_escape($user['UID']) . "'");
success(_("Settings saved."));
redirect(page_link_to('user_settings'));
@@ -114,7 +114,7 @@ function user_settings() {
$ok = false;
if ($ok) {
- sql_query("UPDATE `User` SET `color`='" . sql_escape($selected_theme) . "' WHERE `UID`=" . sql_escape($user['UID']));
+ sql_query("UPDATE `User` SET `color`='" . sql_escape($selected_theme) . "' WHERE `UID`='" . sql_escape($user['UID']) . "'");
success(_("Theme changed."));
redirect(page_link_to('user_settings'));
@@ -128,7 +128,7 @@ function user_settings() {
$ok = false;
if ($ok) {
- sql_query("UPDATE `User` SET `Sprache`='" . sql_escape($selected_language) . "' WHERE `UID`=" . sql_escape($user['UID']));
+ sql_query("UPDATE `User` SET `Sprache`='" . sql_escape($selected_language) . "' WHERE `UID`='" . sql_escape($user['UID']) . "'");
$_SESSION['locale'] = $selected_language;
success("Language changed.");