From 6bede2fd229395f34c321a37efa2ea93e7b1a7ba Mon Sep 17 00:00:00 2001
From: Philip Häusler <msquare@notrademark.de>
Date: Sun, 28 Dec 2014 13:44:56 +0100
Subject: harden the sql queries

---
 includes/pages/admin_arrive.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'includes/pages/admin_arrive.php')

diff --git a/includes/pages/admin_arrive.php b/includes/pages/admin_arrive.php
index bec1ae56..f51ef7ac 100644
--- a/includes/pages/admin_arrive.php
+++ b/includes/pages/admin_arrive.php
@@ -13,7 +13,7 @@ function admin_arrive() {
     $id = $_REQUEST['reset'];
     $user_source = User($id);
     if ($user_source != null) {
-      sql_query("UPDATE `User` SET `Gekommen`=0 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+      sql_query("UPDATE `User` SET `Gekommen`=0 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
       engelsystem_log("User set to not arrived: " . User_Nick_render($user_source));
       $msg = success(_("Reset done. Angel has not arrived."), true);
     } else
@@ -22,7 +22,7 @@ function admin_arrive() {
     $id = $_REQUEST['arrived'];
     $user_source = User($id);
     if ($user_source != null) {
-      sql_query("UPDATE `User` SET `Gekommen`=1 WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+      sql_query("UPDATE `User` SET `Gekommen`=1 WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
       engelsystem_log("User set has arrived: " . User_Nick_render($user_source));
       $msg = success(_("Angel has been marked as arrived."), true);
     } else
-- 
cgit v1.2.3-54-g00ecf