diff options
author | cookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8> | 2006-12-04 19:54:51 +0000 |
---|---|---|
committer | cookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8> | 2006-12-04 19:54:51 +0000 |
commit | a52ee4a288ec57c2983173460237e4137440a873 (patch) | |
tree | 3c4101df8fffbbca647ef9d86e6e9410ca1f26e1 /www-ssl/nonpublic/faq.php | |
parent | 34b50a61f8ec080d66449b7c644e5098102e2145 (diff) |
SQL injektion behoben
git-svn-id: svn://svn.cccv.de/engel-system@198 29ba0400-6e00-0410-a75a-ca02368028f8
Diffstat (limited to 'www-ssl/nonpublic/faq.php')
-rwxr-xr-x | www-ssl/nonpublic/faq.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/www-ssl/nonpublic/faq.php b/www-ssl/nonpublic/faq.php index fb7dab8c..b7d01835 100755 --- a/www-ssl/nonpublic/faq.php +++ b/www-ssl/nonpublic/faq.php @@ -23,7 +23,7 @@ if (!IsSet($_POST["eUID"])) echo "<b>".Get_Text(37)."</b><br><br>\n".nl2br($_POST["frage"])."<br><br>\n".Get_Text(38)."<br>\n"; -$SQL = "INSERT into Questions VALUES (\"\", \"".$_SESSION['UID']."\", \"". $_POST["frage"]. "\", \"\", \"\")"; +$SQL = "INSERT INTO `Questions` VALUES ('', '".$_SESSION['UID']."', '". $_POST["frage"]. "', '', '')"; $Erg = mysql_query($SQL, $con); } @@ -32,7 +32,7 @@ echo "<br>\n<b>".Get_Text(39)."</b><br>\n"; echo "<hr width=\"99%\">\n"; echo "<br><b>".Get_Text(40)."</b><br>\n"; -$SQL = "SELECT * from Questions where UID = ".$_SESSION['UID']." and AID=\"0\" ORDER BY 'QID' DESC"; +$SQL = "SELECT * FROM `Questions` WHERE `UID` = ". $_SESSION['UID']. " AND `AID`='0' ORDER BY 'QID' DESC"; $Erg = mysql_query($SQL, $con); // anzahl zeilen @@ -52,7 +52,7 @@ if ($Zeilen==0){ echo "<hr width=\"99%\">\n"; echo "<br><b>".Get_Text(42)."</b><br>\n"; -$SQL = "SELECT * from Questions where UID = ".$_SESSION['UID']." and AID<>\"0\" ORDER BY 'QID' DESC"; +$SQL = "SELECT * FROM `Questions` WHERE `UID`='".$_SESSION['UID']."' and `AID`<>'0' ORDER BY 'QID' DESC"; $Erg = mysql_query($SQL, $con); // anzahl zeilen |