author | Philip Häusler <msquare@notrademark.de> | 2011-06-11 14:42:21 +0200 |
---|---|---|
committer | Philip Häusler <msquare@notrademark.de> | 2011-06-11 14:42:21 +0200 |
commit | 23c113ed32bc59feb5887fa0179c84b9778e72ba (patch) | |
tree | d886038d861d836f38d3a1b9f92613517311deb0 /includes/sys_user.php | |
parent | 75efdfcf57eff87509770358e038417fd10cc2ca (diff) | |
parent | e715245e1298313a1c9be3574d71b83b8f849da3 (diff) |
Merge branch 'spezial_includes_camp' of ssh://git.planetcyborg.de/home/git/projects/engelsystem into spezial_includes_camp
Diffstat (limited to 'includes/sys_user.php')
-rw-r--r-- | includes/sys_user.php | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/includes/sys_user.php b/includes/sys_user.php
index 4f55da38..8d5a6ae6 100644
--- a/includes/sys_user.php
+++ b/includes/sys_user.php
@@ -1,9 +1,9 @@
 <?php
 function UID2Nick($UID) {
 if ($UID > 0)
- $SQL = "SELECT Nick FROM `User` WHERE UID='$UID'";
+ $SQL = "SELECT Nick FROM `User` WHERE UID='" . sql_escape($UID) . "'";
 else
- $SQL = "SELECT Name FROM `Groups` WHERE UID='$UID'";
+ $SQL = "SELECT Name FROM `Groups` WHERE UID='" . sql_escape($UID) . "'";
 $Erg = sql_select($SQL);
@@ -23,7 +23,7 @@ function UID2Nick($UID) {
 function TID2Type($TID) {
 global $con;
- $SQL = "SELECT Name FROM `EngelType` WHERE TID='$TID'";
+ $SQL = "SELECT Name FROM `EngelType` WHERE TID='" . sql_escape($TID) . "'";
 $Erg = mysql_query($SQL, $con);
 if (mysql_num_rows($Erg))
@@ -62,7 +62,7 @@ function ReplaceSmilies($neueckig) {
 function GetPicturShow($UID) {
 global $con;
- $SQL = "SELECT `show` FROM `UserPicture` WHERE `UID`='$UID'";
+ $SQL = "SELECT `show` FROM `UserPicture` WHERE `UID`='" . sql_escape($UID) . "'";
 $res = mysql_query($SQL, $con);
 if (mysql_num_rows($res) == 1)
@@ -95,7 +95,7 @@ function displayavatar($UID, $height = "30") {
 function UIDgekommen($UID) {
 global $con;
- $SQL = "SELECT `Gekommen` FROM `User` WHERE UID='$UID'";
+ $SQL = "SELECT `Gekommen` FROM `User` WHERE UID='" . sql_escape($UID) . "'";
 $Erg = mysql_query($SQL, $con);
 if (mysql_num_rows($Erg)) |
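Review bot: The ids are still handled as strings in UID2Nick: `sql_escape()` protects the query only while the value stays inside the single quotes, and the branch `if ($UID > 0)` is decided by PHP's loose numeric comparison while the query receives the original string. UID and TID look like numeric keys (UID is compared with 0 here), so normalising once at the top of each function, `$UID = (int) $UID;` and `$TID = (int) $TID;` in TID2Type, would make the branch and the query agree and remove the dependence on quoting. The same applies to the TID2Type, GetPicturShow and UIDgekommen hunks. All four function bodies continue outside their hunks.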
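Review bot: TID2Type sends the escaped query through `mysql_query($SQL, $con)` on the global `$con`, while UID2Nick goes through `sql_select()`, and `sql_escape()` is not defined in this diff, so it is not visible whether it escapes against the same connection and character set as `$con`. If it wraps `mysql_real_escape_string()`, it should be passed that link explicitly, or TID2Type, GetPicturShow and UIDgekommen should use `sql_select()` as well. The result of `mysql_query()` is also handed straight to `mysql_num_rows()`, so a failed query surfaces as a warning rather than a handled error; `if ($Erg !== false && mysql_num_rows($Erg))` would cover it, and the same guard is needed for `$res` in GetPicturShow.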