SQL injektion behoben

git-svn-id: svn://svn.cccv.de/engel-system@198 29ba0400-6e00-0410-a75a-ca02368028f8
author: cookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8> 2006-12-04 19:54:51 +0000
committer: cookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8> 2006-12-04 19:54:51 +0000
commit: a52ee4a288ec57c2983173460237e4137440a873 (patch)
tree: 3c4101df8fffbbca647ef9d86e6e9410ca1f26e1 /www-ssl/nonpublic/schichtplan_add.php
parent: 34b50a61f8ec080d66449b7c644e5098102e2145 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/www-ssl/nonpublic/schichtplan_add.php b/www-ssl/nonpublic/schichtplan_add.php
index f12690c7..69170763 100755
--- a/www-ssl/nonpublic/schichtplan_add.php
+++ b/www-ssl/nonpublic/schichtplan_add.php
@@ -35,7 +35,7 @@ if (isset($_POST["newtext"]) && isset($_POST["SID"]) && isset($_POST["TID"])) {
 	{
 		//ermitteln der noch gesuchten
 		$SQL3 = "SELECT * FROM `ShiftEntry`".
-			" WHERE ((`SID` = '". $_POST["SID"]. "') and (`TID` = '". $_POST["TID"]. "') and (`UID` = '0'));";
+			" WHERE ((`SID` = '". $_POST["SID"]. "') AND (`TID` = '". $_POST["TID"]. "') AND (`UID` = '0'));";
 		$Erg3 = mysql_query($SQL3, $con);
 
 		if( mysql_num_rows($Erg3) <= 0 ) 
@@ -65,7 +65,7 @@ elseif (isset($_GET["SID"]) && isset($_GET["TID"])) {
 	"<table border=\"0\">\n";
 
   $SQL = "SELECT * FROM `Shifts` WHERE ";
-  $SQL .="(SID = '". $_GET["SID"]. "')";
+  $SQL .="(`SID` = '". $_GET["SID"]. "')";
   $Erg = mysql_query($SQL, $con);
   
   echo "<tr><td>". Get_Text("pub_schichtplan_add_Date"). ":</td> <td>".
author	cookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8>	2006-12-04 19:54:51 +0000
committer	cookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8>	2006-12-04 19:54:51 +0000
commit	a52ee4a288ec57c2983173460237e4137440a873 (patch)
tree	3c4101df8fffbbca647ef9d86e6e9410ca1f26e1 /www-ssl/nonpublic/schichtplan_add.php
parent	34b50a61f8ec080d66449b7c644e5098102e2145 (diff)