authorPhilip Häusler <msquare@notrademark.de>2011-06-11 14:42:21 +0200
committerPhilip Häusler <msquare@notrademark.de>2011-06-11 14:42:21 +0200
commit23c113ed32bc59feb5887fa0179c84b9778e72ba (patch)
treed886038d861d836f38d3a1b9f92613517311deb0 /includes/sys_user.php
parent75efdfcf57eff87509770358e038417fd10cc2ca (diff)
parente715245e1298313a1c9be3574d71b83b8f849da3 (diff)
Merge branch 'spezial_includes_camp' of ssh://git.planetcyborg.de/home/git/projects/engelsystem into spezial_includes_camp
Diffstat (limited to 'includes/sys_user.php')
-rw-r--r--includes/sys_user.php10
1 files changed, 5 insertions, 5 deletions
diff --git a/includes/sys_user.php b/includes/sys_user.php
index 4f55da38..8d5a6ae6 100644
--- a/includes/sys_user.php
+++ b/includes/sys_user.php
@@ -1,9 +1,9 @@
<?php
function UID2Nick($UID) {
if ($UID > 0)
- $SQL = "SELECT Nick FROM `User` WHERE UID='$UID'";
+ $SQL = "SELECT Nick FROM `User` WHERE UID='" . sql_escape($UID) . "'";
else
- $SQL = "SELECT Name FROM `Groups` WHERE UID='$UID'";
+ $SQL = "SELECT Name FROM `Groups` WHERE UID='" . sql_escape($UID) . "'";
$Erg = sql_select($SQL);
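Review bot: In UID2Nick the branch `if ($UID > 0)` is still decided on the raw input by loose comparison, so a non-numeric or partly numeric string picks the table before any escaping is applied. These ids appear to be numeric keys, so normalising once at the top of each function, `$UID = (int) $UID;` (and `$TID = (int) $TID;` in TID2Type), would make both the branch and the query independent of how sql_escape() behaves. Its definition is not part of this diff, and an escape helper of this kind typically only protects a value that stays inside quotes on a connection with the matching character set. The same applies to the hunks for TID2Type, GetPicturShow and UIDgekommen. UID2Nick's body continues outside the hunk.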
@@ -23,7 +23,7 @@ function UID2Nick($UID) {
function TID2Type($TID) {
global $con;
- $SQL = "SELECT Name FROM `EngelType` WHERE TID='$TID'";
+ $SQL = "SELECT Name FROM `EngelType` WHERE TID='" . sql_escape($TID) . "'";
$Erg = mysql_query($SQL, $con);
if (mysql_num_rows($Erg))
@@ -62,7 +62,7 @@ function ReplaceSmilies($neueckig) {
function GetPicturShow($UID) {
global $con;
- $SQL = "SELECT `show` FROM `UserPicture` WHERE `UID`='$UID'";
+ $SQL = "SELECT `show` FROM `UserPicture` WHERE `UID`='" . sql_escape($UID) . "'";
$res = mysql_query($SQL, $con);
if (mysql_num_rows($res) == 1)
@@ -95,7 +95,7 @@ function displayavatar($UID, $height = "30") {
function UIDgekommen($UID) {
global $con;
- $SQL = "SELECT `Gekommen` FROM `User` WHERE UID='$UID'";
+ $SQL = "SELECT `Gekommen` FROM `User` WHERE UID='" . sql_escape($UID) . "'";
$Erg = mysql_query($SQL, $con);
if (mysql_num_rows($Erg))