authorcookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8>2006-12-11 07:47:43 +0000
committercookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8>2006-12-11 07:47:43 +0000
commit3f8cf2ca9beb7ef7ccd84912391e3e351be0985b (patch)
tree18b9eed3984ef007eb09c96255b14e58172f40f3 /www-ssl/inc
parent4736d1eb9ee63f0bc3121e078e2c1ed6669f3fda (diff)
sql injektion gemeldet by sven
git-svn-id: svn://svn.cccv.de/engel-system@204 29ba0400-6e00-0410-a75a-ca02368028f8
Diffstat (limited to 'www-ssl/inc')
-rwxr-xr-xwww-ssl/inc/funktion_xml_schudle.php8
1 files changed, 4 insertions, 4 deletions
diff --git a/www-ssl/inc/funktion_xml_schudle.php b/www-ssl/inc/funktion_xml_schudle.php
index 93e664b3..55b1b682 100755
--- a/www-ssl/inc/funktion_xml_schudle.php
+++ b/www-ssl/inc/funktion_xml_schudle.php
@@ -30,7 +30,7 @@ function SaveSchedule()
(substr($_GET["DateXML"], 8, 2)+1). " ";
}
else
- $DateEnd = substr($_GET["DateXML"], 0, 11);
+ $dAteEnd = substr($_GET["DateXML"], 0, 11);
$DateEnd .= "$TimeH:$TimeM:00";
//Namen ermitteln
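Review bot: The added line assigns to `$dAteEnd`, but the following line appends to `$DateEnd`; PHP variable names are case-sensitive, so in this else branch the date prefix is lost and `$DateEnd` holds only the time, or whatever an earlier assignment left in it. The rename looks accidental and unrelated to the injection fix, so restore `$DateEnd = substr($_GET["DateXML"], 0, 11);`. The value is taken directly from `$_GET`, so if `$DateEnd` later reaches a query it should be validated as a date first. That use is not visible here, because SaveSchedule starts and ends outside the hunk.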
@@ -73,7 +73,7 @@ function SaveSchedule()
// erstellt ein Array der Reume
$sql2 = "SELECT * FROM `Room` ".
- "WHERE `RID` = ".$_GET["RIDXML"]. " ".
+ "WHERE `RID`='".$_GET["RIDXML"]. "' ".
"ORDER BY `Number`, `Name`;";
$Erg2 = mysql_query( $sql2, $con);
for( $j=0; $j<mysql_num_fields( $Erg2); $j++)
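Review bot: Wrapping `$_GET["RIDXML"]` in single quotes does not close the injection named in the commit message, because the value is still concatenated unescaped and a quote character in the parameter ends the string literal. RID looks like a numeric key, so cast it before building the query, e.g. `$rid = intval($_GET["RIDXML"]);` and concatenate `$rid`, or pass the value through `mysql_real_escape_string($_GET["RIDXML"], $con)` inside the quotes. The same pattern remains in the later hunks, where `$PSIDXML` is interpolated and `$Where` is concatenated into the `Shifts` queries; their origin is not visible here, so confirm they are escaped where they are built. SaveSchedule's body continues outside the hunk.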
@@ -155,7 +155,7 @@ foreach($XMLmain->sub as $EventKey => $Event)
SaveSchedule();
}
- $SQL = "SELECT * FROM `Shifts` WHERE PSID='$PSIDXML'";
+ $SQL = "SELECT * FROM `Shifts` WHERE `PSID`='$PSIDXML'";
$Erg = mysql_query($SQL, $con);
if(mysql_num_rows($Erg)>0)
{
@@ -210,7 +210,7 @@ echo "<tr><td colspan=\"6\">status: $DS_KO/$DS_OK nicht Aktuel.</td></tr>\n";
//Anzeige von nicht im XML File vorkommende entraege
if( $Where =="")
- $SQL2 = "SELECT * FROM `Shifts` WHERE NOT PSID = '';";
+ $SQL2 = "SELECT * FROM `Shifts` WHERE NOT `PSID`='';";
else
$SQL2 = "SELECT * FROM `Shifts` WHERE NOT (".substr( $Where, 4). ") AND NOT PSID = '';";