diff options
author | cookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8> | 2006-12-04 19:54:51 +0000 |
---|---|---|
committer | cookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8> | 2006-12-04 19:54:51 +0000 |
commit | a52ee4a288ec57c2983173460237e4137440a873 (patch) | |
tree | 3c4101df8fffbbca647ef9d86e6e9410ca1f26e1 /www-ssl/admin/tshirt.php | |
parent | 34b50a61f8ec080d66449b7c644e5098102e2145 (diff) |
SQL injektion behoben
git-svn-id: svn://svn.cccv.de/engel-system@198 29ba0400-6e00-0410-a75a-ca02368028f8
Diffstat (limited to 'www-ssl/admin/tshirt.php')
-rwxr-xr-x | www-ssl/admin/tshirt.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/www-ssl/admin/tshirt.php b/www-ssl/admin/tshirt.php index 2e843e92..87dc1c73 100755 --- a/www-ssl/admin/tshirt.php +++ b/www-ssl/admin/tshirt.php @@ -9,7 +9,7 @@ include ("./inc/funktion_user.php"); If (IsSet($_GET["aktiv"])) { - $SQL="Update User set Tshirt=\"1\" where UID=\"". $_GET["aktiv"]. "\" limit 1"; + $SQL="UPDATE `User` SET `Tshirt`='1' WHERE `UID`='". $_GET["aktiv"]. "' limit 1"; $Erg = mysql_query($SQL, $con); if ($Erg == 1) { } else { @@ -25,7 +25,7 @@ Hinter diesem erscheint ein Link, über den man eintragen kann, dass der Eng Liste aller aktiven Engel: <?PHP -$SQL = "SELECT * from User where (Aktiv = 1) ORDER BY Nick ASC"; +$SQL = "SELECT * FROM `User` WHERE (`Aktiv`='1') ORDER BY `Nick` ASC"; $Erg = mysql_query($SQL, $con); $rowcount = mysql_num_rows($Erg); |