diff options
author | cookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8> | 2006-12-04 19:54:51 +0000 |
---|---|---|
committer | cookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8> | 2006-12-04 19:54:51 +0000 |
commit | a52ee4a288ec57c2983173460237e4137440a873 (patch) | |
tree | 3c4101df8fffbbca647ef9d86e6e9410ca1f26e1 /www-ssl/nonpublic/index.php | |
parent | 34b50a61f8ec080d66449b7c644e5098102e2145 (diff) |
SQL injektion behoben
git-svn-id: svn://svn.cccv.de/engel-system@198 29ba0400-6e00-0410-a75a-ca02368028f8
Diffstat (limited to 'www-ssl/nonpublic/index.php')
-rwxr-xr-x | www-ssl/nonpublic/index.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/www-ssl/nonpublic/index.php b/www-ssl/nonpublic/index.php index 20b32c00..ba47e4d9 100755 --- a/www-ssl/nonpublic/index.php +++ b/www-ssl/nonpublic/index.php @@ -20,7 +20,7 @@ if ( !IsSet($_POST["user"])) } else { // User ist noch nicht angemeldet - $sql = "select * from User where Nick = '". $_POST["user"]. "'"; + $sql = "SELECT * FROM `User` WHERE `Nick`='". $_POST["user"]. "'"; $userstring = mysql_query($sql, $con); // anzahl zeilen @@ -54,7 +54,7 @@ else $_SESSION['IP'] = $_SERVER['REMOTE_ADDR']; // CVS import Data - $SQL = "SELECT * FROM `UserCVS` WHERE UID='".$_SESSION['UID']."'"; + $SQL = "SELECT * FROM `UserCVS` WHERE `UID`='".$_SESSION['UID']."'"; $Erg_CVS = mysql_query($SQL, $con); $_SESSION['CVS'] = mysql_fetch_array($Erg_CVS); |