From 4736d1eb9ee63f0bc3121e078e2c1ed6669f3fda Mon Sep 17 00:00:00 2001
From: cookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8>
Date: Sun, 10 Dec 2006 11:07:21 +0000
Subject: sql-injection beseitigt dank sven

git-svn-id: svn://svn.cccv.de/engel-system@203 29ba0400-6e00-0410-a75a-ca02368028f8
---
 www-ssl/makeuser.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'www-ssl/makeuser.php')

diff --git a/www-ssl/makeuser.php b/www-ssl/makeuser.php
index b7df67a0..c2b32077 100755
--- a/www-ssl/makeuser.php
+++ b/www-ssl/makeuser.php
@@ -56,7 +56,7 @@ if( isset($_POST["send"]))
 				"`Hometown`,".  "`CreateDate` ) ".
 			"VALUES ( ".
 				"'". $_POST["Nick"]. "', ".		"'". $_POST["Name"]. "', ".
-				"'". $_POST["Vorname"]. "', ".		$_POST["Alter"]. ", ".
+				"'". $_POST["Vorname"]. "', ".		"'". $_POST["Alter"]. "', ".
 				"'". $_POST["Telefon"]. "', ".		"'". $_POST["DECT"]. "', ".
 				"'". $_POST["Handy"]. "', ".		"'". $_POST["email"]. "', ".
 				"'". $_POST["ICQ"]. "', ".		"'". $_POST["jabber"]. "', ".
@@ -74,7 +74,7 @@ if( isset($_POST["send"]))
 		{
 			echo "<p class=\"important\">". Get_Text("makeuser_writeOK"). "\n";
 
-			$SQL2 = "SELECT UID FROM `User` WHERE Nick='". $_POST["Nick"]. "';";
+			$SQL2 = "SELECT `UID` FROM `User` WHERE `Nick`='". $_POST["Nick"]. "';";
 			$Erg2 = mysql_query($SQL2, $con);
 			$Data = mysql_fetch_array($Erg2);
 
-- 
cgit v1.2.3-54-g00ecf