From a52ee4a288ec57c2983173460237e4137440a873 Mon Sep 17 00:00:00 2001
From: cookie
Date: Mon, 4 Dec 2006 19:54:51 +0000
Subject: SQL injektion behoben
git-svn-id: svn://svn.cccv.de/engel-system@198 29ba0400-6e00-0410-a75a-ca02368028f8
---
 www-ssl/nonpublic/myschichtplan.php | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
(limited to 'www-ssl/nonpublic/myschichtplan.php')
diff --git a/www-ssl/nonpublic/myschichtplan.php b/www-ssl/nonpublic/myschichtplan.php
index 5aac2b61..be10951b 100755
--- a/www-ssl/nonpublic/myschichtplan.php
+++ b/www-ssl/nonpublic/myschichtplan.php
@@ -88,8 +88,7 @@ else { echo Get_Text("pub_mywake_delate1")."
\n"; - $sql = "SELECT * FROM `Shifts` WHERE "; - $sql.= "(SID = \"". $_GET["SID"]. "\")"; + $sql = "SELECT * FROM `Shifts` WHERE (`SID` = '". $_GET["SID"]. "')"; $Erg = mysql_query($sql, $con); $schichtdate = mysql_result( $Erg, 0, "DateS" ); @@ -124,7 +123,7 @@ else echo Get_Text("pub_myshift_Edit_Text1"). "\n"; $sql = "SELECT * FROM `ShiftEntry` WHERE "; - $sql.= "(SID=\"". $_GET["SID"]. "\" AND UID=\"". $_SESSION['UID']. "\" )"; + $sql.= "(`SID`='". $_GET["SID"]. "' AND `UID`='". $_SESSION['UID']. "')"; $Erg = mysql_query($sql, $con); echo "
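Review bot: The rewritten `$sql` assignment on the `+` line still concatenates the raw `$_GET["SID"]` into the statement, so changing the string delimiter from `"` to `'` does not close the injection the commit title claims to fix — a value like `' OR '1'='1` still terminates the literal. Since SID is used as a numeric key, coerce it before building the query: `$sid = intval($_GET["SID"]);` followed by `$sql = "SELECT * FROM Shifts WHERE SID = " . $sid;` (or, if non-numeric ids are possible, wrap the value in `mysql_real_escape_string($_GET["SID"], $con)`). The `mysql_result($Erg, 0, "DateS")` that follows also assumes the query returned a row, so a bad or absent SID would surface as a PHP warning; a `mysql_num_rows($Erg) == 0` guard would be worth adding while this is touched. The enclosing `else` block begins before this hunk and continues past it.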
\n"; @@ -138,7 +137,7 @@ else { echo Get_Text("pub_myshift_EditSave_Text1"). "
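Review bot: The new `$sql.=` line still splices `$_GET["SID"]` and `$_SESSION['UID']` straight into the WHERE clause, so the SELECT on ShiftEntry remains injectable through the SID query parameter; the quote change alone is not a fix. Both values appear to be integer ids, so casting is the simplest safe form: `$sid = intval($_GET["SID"]); $uid = intval($_SESSION['UID']);` and then `$sql.= "(SID=$sid AND UID=$uid)";`. The session value is presumably set by the application's own login code and is lower risk, but treating it the same way costs nothing. The surrounding `else` block starts outside this hunk and continues after it.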
\n"; $sql = "UPDATE `ShiftEntry` ". - "SET `Comment` = \"". $_GET["newtext"]. "\" ". + "SET `Comment` = '". $_GET["newtext"]. "' ". "WHERE `SID`='". $_GET["SID"]. "' AND `UID`='". $_SESSION['UID']. "' LIMIT 1;"; $Erg = mysql_query($sql, $con); if ($Erg == 1) -- cgit v1.2.3-70-g09d2
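Review bot: The new `SET Comment = '...'` fragment inserts `$_GET["newtext"]` verbatim into an UPDATE, and because this is free-form text an integer cast is not an option — it has to be escaped for the connection: `$comment = mysql_real_escape_string($_GET["newtext"], $con);` and then use `"SET Comment = '" . $comment . "' "` in place of the raw value. The unchanged WHERE clause on the next line has the same problem with `$_GET["SID"]` and should get an `intval()` at the same time, since an injected SID could widen the update beyond the user's own entry despite the `LIMIT 1`. Separately, this state-changing write is driven entirely by GET parameters and nothing in the hunk shows a CSRF token, so a link alone can rewrite a user's comment; that is worth a follow-up even if out of scope here. The `else` branch this code sits in begins before the hunk and its closing is not visible.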