author | cookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8> | 2006-12-04 19:54:51 +0000 |
---|---|---|
committer | cookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8> | 2006-12-04 19:54:51 +0000 |
commit | a52ee4a288ec57c2983173460237e4137440a873 (patch) | |
tree | 3c4101df8fffbbca647ef9d86e6e9410ca1f26e1 /www-ssl/nonpublic/wecken.php | |
parent | 34b50a61f8ec080d66449b7c644e5098102e2145 (diff) |
SQL injektion behoben
git-svn-id: svn://svn.cccv.de/engel-system@198 29ba0400-6e00-0410-a75a-ca02368028f8
Diffstat (limited to 'www-ssl/nonpublic/wecken.php')
-rwxr-xr-x | www-ssl/nonpublic/wecken.php | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/www-ssl/nonpublic/wecken.php b/www-ssl/nonpublic/wecken.php
index 66597dbb..6758da2b 100755
--- a/www-ssl/nonpublic/wecken.php
+++ b/www-ssl/nonpublic/wecken.php
@@ -8,9 +8,9 @@ include ("./inc/funktion_user.php");
 if( isset($_POST["eintragen"]))
 if( $_POST["eintragen"] == Get_Text("pub_wake_bouton") )
 {
- $SQL = "INSERT INTO Wecken (`UID`, `Date`, `Ort`, `Bemerkung`) ".
- "VALUES (".$_SESSION['UID'].", \"". $_POST["Date"]. "\", \"". $_POST["Ort"].
- "\", \"". $_POST["Bemerkung"]. "\") ";
+ $SQL = "INSERT INTO `Wecken` (`UID`, `Date`, `Ort`, `Bemerkung`) ".
+ "VALUES ('". $_SESSION['UID']. "', '". $_POST["Date"]. "', '". $_POST["Ort"]. "', ".
+ "'". $_POST["Bemerkung"]. "')";
 $Erg = mysql_query($SQL, $con);
 if ($Erg == 1)
 Print_Text(4);
@@ -18,7 +18,7 @@ if( isset($_POST["eintragen"]))
 if( isset($_GET["eintragen"]))
 if ($_GET["eintragen"] == "loeschen")
 {
- $SQL = "Delete from Wecken where UID = ".$_SESSION['UID']." and ID = ". $_GET["weckID"]." limit 1";
+ $SQL = "DELETE FROM `Wecken` WHERE `UID`='". $_SESSION['UID']. "' AND `ID`='". $_GET["weckID"]."' LIMIT 1";
 $Erg = mysql_query($SQL, $con);
 if ($Erg == 1)
 Print_Text(4);
@@ -38,7 +38,7 @@ echo Get_Text("pub_wake_beschreibung2"); ?>
 </tr>
 <?PHP
- $sql = "Select * from Wecken where UID='".$_SESSION['UID']."' order by Date asc";
+ $sql = "SELECT * FROM `Wecken` WHERE `UID`='". $_SESSION['UID']. "' ORDER BY `Date` ASC";
 $Erg = mysql_query($sql, $con);
 $count = mysql_num_rows($Erg); |
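Review bot: The added `VALUES (...)` lines in the first hunk still concatenate `$_POST["Date"]`, `$_POST["Ort"]` and `$_POST["Bemerkung"]` straight into the statement, so wrapping them in single quotes does not close the injection the commit title claims to fix — a quote character in any of those fields still terminates the literal; the same applies to `$_GET["weckID"]` in the rewritten `DELETE` line of the second hunk. Since the file uses the `mysql_*` extension with the link in `$con`, every interpolated value should pass through `mysql_real_escape_string($value, $con)` before concatenation, and for the `DELETE` the tighter fix is a cast if `ID` is numeric (this cannot be confirmed from the hunk): `$weckID = (int) $_GET["weckID"];` and then `"... AND \`ID\`='". $weckID. "' LIMIT 1"`. Migrating these three statements to prepared statements would remove the escaping obligation entirely; the hunks' enclosing `if` blocks begin inside the hunks, so the change is local.
```php
// hunk 1, new side: escape every request-supplied value before it enters the statement
$uid       = mysql_real_escape_string($_SESSION['UID'], $con);
$date      = mysql_real_escape_string($_POST["Date"], $con);
$ort       = mysql_real_escape_string($_POST["Ort"], $con);
$bemerkung = mysql_real_escape_string($_POST["Bemerkung"], $con);
$SQL = "INSERT INTO `Wecken` (`UID`, `Date`, `Ort`, `Bemerkung`) ".
	"VALUES ('". $uid. "', '". $date. "', '". $ort. "', '". $bemerkung. "')";
// … unchanged: mysql_query($SQL, $con) / Print_Text(4) …
```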