From a52ee4a288ec57c2983173460237e4137440a873 Mon Sep 17 00:00:00 2001 From: cookie Date: Mon, 4 Dec 2006 19:54:51 +0000 Subject: SQL injektion behoben git-svn-id: svn://svn.cccv.de/engel-system@198 29ba0400-6e00-0410-a75a-ca02368028f8 --- www-ssl/admin/aktiv.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'www-ssl/admin/aktiv.php') diff --git a/www-ssl/admin/aktiv.php b/www-ssl/admin/aktiv.php index 35eab81e..1bf7fbe1 100755 --- a/www-ssl/admin/aktiv.php +++ b/www-ssl/admin/aktiv.php @@ -27,7 +27,7 @@ echo "\n"; if( Isset($_POST["ResetActive"]) ) { - $SQLreset = "UPDATE `User` SET `Aktiv` = '0'"; + $SQLreset = "UPDATE `User` SET `Aktiv`='0'"; $ErgReset = db_query($SQLreset, "Reset Active"); if ($ErgReset != 1) echo "Fehler beim zuruecksetzen der Activ\n"; @@ -50,11 +50,11 @@ echo "\t". Get_Text("pub_aktive_Active"). "\n"; echo "\n"; $SQL = "SELECT ShiftEntry.UID, COUNT(ShiftEntry.UID) AS NR, SUM(Shifts.Len) as LEN ". - "FROM `ShiftEntry` ". - "LEFT JOIN `Shifts` ON ShiftEntry.SID=Shifts.SID ". - "WHERE NOT UID=0 ". - "GROUP BY UID ". - "ORDER BY LEN DESC, NR DESC, UID "; + "FROM `ShiftEntry` ". + "LEFT JOIN `Shifts` ON ShiftEntry.SID=Shifts.SID ". + "WHERE NOT UID=0 ". + "GROUP BY UID ". + "ORDER BY LEN DESC, NR DESC, UID "; $Erg = mysql_query($SQL, $con); echo mysql_error($con); $rowcount = mysql_num_rows($Erg); @@ -76,7 +76,7 @@ for ($i=0; $i<$rowcount; $i++) echo "show set"; else { - $SQL2="UPDATE `User` SET Aktiv=1 WHERE UID=". mysql_result($Erg, $i, "UID"). " LIMIT 1"; + $SQL2="UPDATE `User` SET `Aktiv`='1' WHERE `UID`='". mysql_result($Erg, $i, "UID"). "' LIMIT 1"; $Erg2 = db_query($SQL2, "update Active State"); if ($Erg2 != 1) echo "Fehler beim speichern bei Engel ".UID2Nick(mysql_result($Erg, $i, "UID")); -- cgit v1.2.3-70-g09d2
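Review bot: In the third hunk (`@@ -76,7 +76,7 @@`), the new `$SQL2` line wraps the UID in single quotes but still concatenates the raw result of `mysql_result($Erg, $i, "UID")`, and quoting without escaping or type enforcement does not make the statement injection-safe. The value is read back from the `ShiftEntry` table rather than taken directly from the request, so it is presumably numeric, but nothing in the visible lines guarantees that. A quote character in the value would still end the literal early. Enforce the type at the point of concatenation with `(int) mysql_result($Erg, $i, "UID")`, or pass the value through `mysql_real_escape_string()` if a string comparison is really intended. The enclosing `for` loop starts and ends outside the hunk, and the other two hunks only change whitespace, so this line is the whole of the fix and needs the cast to match the commit subject.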