SQL injektion behoben

git-svn-id: svn://svn.cccv.de/engel-system@198 29ba0400-6e00-0410-a75a-ca02368028f8
author: cookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8> 2006-12-04 19:54:51 +0000
committer: cookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8> 2006-12-04 19:54:51 +0000
commit: a52ee4a288ec57c2983173460237e4137440a873 (patch)
tree: 3c4101df8fffbbca647ef9d86e6e9410ca1f26e1 /www-ssl/admin/tshirt.php
parent: 34b50a61f8ec080d66449b7c644e5098102e2145 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/www-ssl/admin/tshirt.php b/www-ssl/admin/tshirt.php
index 2e843e92..87dc1c73 100755
--- a/www-ssl/admin/tshirt.php
+++ b/www-ssl/admin/tshirt.php
@@ -9,7 +9,7 @@ include ("./inc/funktion_user.php");
 
 If (IsSet($_GET["aktiv"])) {
 
-	$SQL="Update User set Tshirt=\"1\" where UID=\"". $_GET["aktiv"]. "\" limit 1";
+	$SQL="UPDATE `User` SET `Tshirt`='1' WHERE `UID`='". $_GET["aktiv"]. "' limit 1";
 	$Erg = mysql_query($SQL, $con);
         if ($Erg == 1) {
         } else {
@@ -25,7 +25,7 @@ Hinter diesem erscheint ein Link, &uuml;ber den man eintragen kann, dass der Eng
 Liste aller aktiven Engel:
 
 <?PHP
-$SQL = "SELECT * from User where (Aktiv = 1) ORDER BY Nick ASC"; 
+$SQL = "SELECT * FROM `User` WHERE (`Aktiv`='1') ORDER BY `Nick` ASC"; 
 $Erg = mysql_query($SQL, $con);
 
 $rowcount = mysql_num_rows($Erg);
author	cookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8>	2006-12-04 19:54:51 +0000
committer	cookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8>	2006-12-04 19:54:51 +0000
commit	a52ee4a288ec57c2983173460237e4137440a873 (patch)
tree	3c4101df8fffbbca647ef9d86e6e9410ca1f26e1 /www-ssl/admin/tshirt.php
parent	34b50a61f8ec080d66449b7c644e5098102e2145 (diff)