authorcookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8>2006-12-04 19:54:51 +0000
committercookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8>2006-12-04 19:54:51 +0000
commita52ee4a288ec57c2983173460237e4137440a873 (patch)
tree3c4101df8fffbbca647ef9d86e6e9410ca1f26e1 /www-ssl/nonpublic/myschichtplan.php
parent34b50a61f8ec080d66449b7c644e5098102e2145 (diff)
SQL injektion behoben
git-svn-id: svn://svn.cccv.de/engel-system@198 29ba0400-6e00-0410-a75a-ca02368028f8
Diffstat (limited to 'www-ssl/nonpublic/myschichtplan.php')
-rwxr-xr-xwww-ssl/nonpublic/myschichtplan.php7
1 files changed, 3 insertions, 4 deletions
diff --git a/www-ssl/nonpublic/myschichtplan.php b/www-ssl/nonpublic/myschichtplan.php
index 5aac2b61..be10951b 100755
--- a/www-ssl/nonpublic/myschichtplan.php
+++ b/www-ssl/nonpublic/myschichtplan.php
@@ -88,8 +88,7 @@ else
{
echo Get_Text("pub_mywake_delate1")."<br>\n";
- $sql = "SELECT * FROM `Shifts` WHERE ";
- $sql.= "(SID = \"". $_GET["SID"]. "\")";
+ $sql = "SELECT * FROM `Shifts` WHERE (`SID` = '". $_GET["SID"]. "')";
$Erg = mysql_query($sql, $con);
$schichtdate = mysql_result( $Erg, 0, "DateS" );
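Review bot: The rewritten queries still concatenate `$_GET["SID"]` (here and in the hunks at -124 and -138) and `$_GET["newtext"]` (hunk at -138) into the SQL text without escaping; changing the delimiter from `"` to `'` does not neutralise a value that itself contains a quote, so the injection the commit message reports as fixed is still present. Each request value should be escaped before concatenation, e.g. `mysql_real_escape_string($_GET["SID"], $con)` in place of the bare `$_GET["SID"]`, or, if SID is always numeric (not visible from this hunk), cast with `intval($_GET["SID"])`. Longer term these statements belong in parameterised queries via mysqli or PDO, since the mysql_* extension offers no prepared statements. The enclosing `else` branch starts and ends outside the hunk.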
@@ -124,7 +123,7 @@ else
echo Get_Text("pub_myshift_Edit_Text1"). "\n";
$sql = "SELECT * FROM `ShiftEntry` WHERE ";
- $sql.= "(SID=\"". $_GET["SID"]. "\" AND UID=\"". $_SESSION['UID']. "\" )";
+ $sql.= "(`SID`='". $_GET["SID"]. "' AND `UID`='". $_SESSION['UID']. "')";
$Erg = mysql_query($sql, $con);
echo "<form action=\"./myschichtplan.php\" method=\"GET\">\n";
@@ -138,7 +137,7 @@ else
{
echo Get_Text("pub_myshift_EditSave_Text1"). "<br>\n";
$sql = "UPDATE `ShiftEntry` ".
- "SET `Comment` = \"". $_GET["newtext"]. "\" ".
+ "SET `Comment` = '". $_GET["newtext"]. "' ".
"WHERE `SID`='". $_GET["SID"]. "' AND `UID`='". $_SESSION['UID']. "' LIMIT 1;";
$Erg = mysql_query($sql, $con);
if ($Erg == 1)
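Review bot: The `UPDATE` on `ShiftEntry` is driven by `$_GET` parameters, and the edit form shown in the preceding hunk is declared with `method=\"GET\"`, so a write to the database happens on an ordinary URL load and the comment text ends up in URLs, browser history and access logs. The form should use `method=\"POST\"` with this handler reading `$_POST["newtext"]` and `$_POST["SID"]`, ideally together with a per-session token that is checked before the write. The enclosing block and the body of `if ($Erg == 1)` continue outside the hunk.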