diff options
author | cookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8> | 2006-12-04 19:54:51 +0000 |
---|---|---|
committer | cookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8> | 2006-12-04 19:54:51 +0000 |
commit | a52ee4a288ec57c2983173460237e4137440a873 (patch) | |
tree | 3c4101df8fffbbca647ef9d86e6e9410ca1f26e1 /www-ssl/nonpublic/news_comments.php | |
parent | 34b50a61f8ec080d66449b7c644e5098102e2145 (diff) |
SQL injektion behoben
git-svn-id: svn://svn.cccv.de/engel-system@198 29ba0400-6e00-0410-a75a-ca02368028f8
Diffstat (limited to 'www-ssl/nonpublic/news_comments.php')
-rwxr-xr-x | www-ssl/nonpublic/news_comments.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/www-ssl/nonpublic/news_comments.php b/www-ssl/nonpublic/news_comments.php index 6e303cea..a1019765 100755 --- a/www-ssl/nonpublic/news_comments.php +++ b/www-ssl/nonpublic/news_comments.php @@ -12,8 +12,8 @@ if( IsSet( $_GET["nid"])) if( IsSet( $_GET["text"])) { - $ch_sql="INSERT INTO news_comments (Refid, Datum, Text, UID) VALUES ('". - $_GET["nid"]. "', '". date("Y-m-d H:i:s"). "', '". $_GET["text"]. "', '". $_SESSION["UID"]. "')"; + $ch_sql="INSERT INTO `news_comments` (`Refid`, `Datum`, `Text`, `UID`) ". + "VALUES ('". $_GET["nid"]. "', '". date("Y-m-d H:i:s"). "', '". $_GET["text"]. "', '". $_SESSION["UID"]. "')"; $Erg = mysql_query($ch_sql, $con); if ($Erg == 1) { @@ -22,7 +22,7 @@ if( IsSet( $_GET["text"])) } } -$SQL = "SELECT * FROM news_comments where Refid = '". $_GET["nid"]. "' ORDER BY 'ID'"; +$SQL = "SELECT * FROM `news_comments` WHERE `Refid`='". $_GET["nid"]. "' ORDER BY 'ID'"; $Erg = mysql_query($SQL, $con); echo mysql_error( $con); // anzahl zeilen |