authorDaniel Friesel <derf@finalrewind.org>2011-06-10 10:30:51 +0200
committerDaniel Friesel <derf@finalrewind.org>2011-06-10 10:30:51 +0200
commite715245e1298313a1c9be3574d71b83b8f849da3 (patch)
treef787fd03470db8145549035ed86ba8a73a39e1a2 /includes/sys_shift.php
parentf7b335f8aec23b47327f1fce3999d873f78b3f7f (diff)
More sql escapes
Diffstat (limited to 'includes/sys_shift.php')
-rw-r--r--includes/sys_shift.php23
1 files changed, 12 insertions, 11 deletions
diff --git a/includes/sys_shift.php b/includes/sys_shift.php
index ff75465c..7baeb8a4 100644
--- a/includes/sys_shift.php
+++ b/includes/sys_shift.php
@@ -71,7 +71,7 @@ function ausgabe_Feld_Inhalt($SID, $Man) {
$Spalten .= funktion_isLinkAllowed_addLink_OrEmpty("admin/schichtplan.php?action=change&SID=$SID", "edit<br />\n");
///////////////////////////////////////////////////////////////////
- // Ausgabe des Schischtnamens
+ // Ausgabe des Schichtnamens
///////////////////////////////////////////////////////////////////
$SQL = "SELECT `URL` FROM `Shifts` WHERE (`SID` = '$SID');";
$Erg = mysql_query($SQL, $con);
@@ -84,7 +84,7 @@ function ausgabe_Feld_Inhalt($SID, $Man) {
///////////////////////////////////////////////////////////////////
// SQL abfrage f�r die ben�tigten schichten
///////////////////////////////////////////////////////////////////
- $SQL = "SELECT * FROM `ShiftEntry` WHERE (`SID` = '$SID') ORDER BY `TID`, `UID` DESC ;";
+ $SQL = "SELECT * FROM `ShiftEntry` WHERE (`SID` = '" . sql_escape($SID) . "') ORDER BY `TID`, `UID` DESC ;";
$Erg = mysql_query($SQL, $con);
$Anzahl = mysql_num_rows($Erg);
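Review bot: The ShiftEntry query now escapes `$SID`, but the `SELECT URL FROM Shifts WHERE (SID = '$SID')` statement a few lines earlier in the same function (shown as context in the hunk at -71) still interpolates `$SID` raw, so ausgabe_Feld_Inhalt contains one escaped and one unescaped use of the same variable. Applying `sql_escape($SID)` there as well keeps the function consistent with the commit's intent. If SID is numeric, as its use as a key suggests, a single `$SID = (int) $SID;` at the top of the function would cover every query in it without per-site escaping. ausgabe_Feld_Inhalt begins and ends outside the hunk.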
@@ -164,7 +164,7 @@ function ausgabe_Feld_Inhalt($SID, $Man) {
// ausgabe ben�tigter Engel
////////////////////////////
//in vergangenheit
- $SQLtime = "SELECT `DateE` FROM `Shifts` WHERE (`SID`='$SID' AND `DateE` >= '" .
+ $SQLtime = "SELECT `DateE` FROM `Shifts` WHERE (`SID`='" . sql_escape($SID) . "' AND `DateE` >= '" .
gmdate("Y-m-d H:i:s", time() + $gmdateOffset) . "')";
$Ergtime = mysql_query($SQLtime, $con);
if (mysql_num_rows($Ergtime) > 0) {
@@ -219,8 +219,8 @@ function CreateRoomShifts($raum) {
// beginnt die erste schicht vor dem heutigen tag und geht dar�ber hinaus
/////////////////////////////////////////////////////////////
$SQLSonder = "SELECT `SID`, `DateS`, `DateE` , `Len`, `Man` FROM `Shifts` " .
- "WHERE ((`RID` = '$raum') AND (`DateE` > '$ausdatum 23:59:59') AND " .
- "(`DateS` < '$ausdatum 00:00:00') ) ORDER BY `DateS`;";
+ "WHERE ((`RID` = '" . sql_escape($raum) . "') AND (`DateE` > '$ausdatum 23:59:59') AND " .
+ "(`DateS` < '" . sql_escape($ausdatum) . " 00:00:00') ) ORDER BY `DateS`;";
$ErgSonder = mysql_query($SQLSonder, $con);
if ((mysql_num_rows($ErgSonder) > 1)) {
if (funktion_isLinkAllowed("admin/schichtplan.php") === TRUE) {
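Review bot: In the rewritten WHERE clause, `$ausdatum` is escaped in the DateS comparison on the second added line but still interpolated raw in the `DateE > '$ausdatum 23:59:59'` comparison on the first, so the two halves of one statement treat the same variable differently. Changing the first line to ``"WHERE ((`RID` = '" . sql_escape($raum) . "') AND (`DateE` > '" . sql_escape($ausdatum) . " 23:59:59') AND " .`` makes it consistent with the hunk at -249 below, which escapes both occurrences. The same mixed pattern recurs in SummRoomShifts (hunk at -370), where `$ausdatum` is left raw in both the DateE and DateS comparisons. If `$ausdatum` is derived from the request, validating it once as a `Y-m-d` date where it is assigned would make the per-query escaping unnecessary. CreateRoomShifts begins and ends outside the hunk.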
@@ -249,8 +249,9 @@ function CreateRoomShifts($raum) {
// beginnt die erste schicht vor dem heutigen tag?
/////////////////////////////////////////////////////////////
$SQLSonder = "SELECT `SID`, `DateS`, `DateE` , `Len`, `Man` FROM `Shifts` " .
- "WHERE ((`RID` = '$raum') AND (`DateE` > '$ausdatum 00:00:00') AND " .
- "(`DateS` < '$ausdatum 00:00:00') ) ORDER BY `DateS`;";
+ "WHERE ((`RID` = '" . sql_escape($raum) . "') AND (`DateE` > '" . sql_escape($ausdatum) . " 00:00:00') AND " .
+ "(`DateS` < '" . sql_escape($ausdatum) . " 00:00:00') ) ORDER BY `DateS`;";
+
$ErgSonder = mysql_query($SQLSonder, $con);
if ((mysql_num_rows($ErgSonder) > 1)) {
if (funktion_isLinkAllowed("admin/schichtplan.php") === TRUE) {
@@ -276,9 +277,9 @@ function CreateRoomShifts($raum) {
// gibt die schichten f�r den tag aus
/////////////////////////////////////////////////////////////
$SQL = "SELECT `SID`, `DateS`, `Len`, `Man` FROM `Shifts` " .
- "WHERE ((`RID` = '$raum') and " .
- "(`DateS` >= '$ausdatum $ZeitZeiger:00:00') and " .
- "(`DateS` like '$ausdatum%')) ORDER BY `DateS`;";
+ "WHERE ((`RID` = '" . sql_escape($raum) . "') and " .
+ "(`DateS` >= '" . sql_escape($ausdatum) . ' ' . sql_escape($ZeitZeiger) . ":00:00') and " .
+ "(`DateS` like '" . sql_escape($ausdatum) . "%')) ORDER BY `DateS`;";
$Erg = mysql_query($SQL, $con);
for ($i = 0; $i < mysql_num_rows($Erg); ++ $i) {
$ZeitPos = substr(mysql_result($Erg, $i, "DateS"), 11, 2) + (substr(mysql_result($Erg, $i, "DateS"), 14, 2) / 60);
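Review bot: The `DateS like '...%'` clause on the last rewritten line passes `$ausdatum` through `sql_escape`, which — assuming it wraps mysql_real_escape_string — neutralises quotes but not the LIKE metacharacters `%` and `_`, so a value containing either would widen the match rather than fail. Escaping is the right fix for the quoting problem the commit addresses, but for a date it is simpler to guarantee the shape up front: if `$ausdatum` comes from the request, checking it against a `Y-m-d` format where it is assigned (for example with `preg_match('/^\d{4}-\d{2}-\d{2}$/', $ausdatum)`) covers this query and the preceding two comparisons at once. CreateRoomShifts begins and ends outside the hunk.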
@@ -370,7 +371,7 @@ function SummRoomShifts($raum) {
global $ausdatum, $con, $debug, $GlobalZeileProStunde;
$SQLSonder = "SELECT `SID`, `DateS`, `Len`, `Man` FROM `Shifts` " .
- "WHERE ((`RID` = '$raum') AND (`DateE` >= '$ausdatum 00:00:00') AND " .
+ "WHERE ((`RID` = '" . sql_escape($raum) . "') AND (`DateE` >= '$ausdatum 00:00:00') AND " .
"(`DateS` <= '$ausdatum 23:59:59') ) ORDER BY `DateS`;";
$ErgSonder = mysql_query($SQLSonder, $con);