From a52ee4a288ec57c2983173460237e4137440a873 Mon Sep 17 00:00:00 2001
From: cookie
Date: Mon, 4 Dec 2006 19:54:51 +0000
Subject: SQL injektion behoben
git-svn-id: svn://svn.cccv.de/engel-system@198 29ba0400-6e00-0410-a75a-ca02368028f8
---
 www-ssl/nonpublic/news_comments.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'www-ssl/nonpublic/news_comments.php')
diff --git a/www-ssl/nonpublic/news_comments.php b/www-ssl/nonpublic/news_comments.php
index 6e303cea..a1019765 100755
--- a/www-ssl/nonpublic/news_comments.php
+++ b/www-ssl/nonpublic/news_comments.php
@@ -12,8 +12,8 @@ if( IsSet( $_GET["nid"]))
 if( IsSet( $_GET["text"]))
 {
- $ch_sql="INSERT INTO news_comments (Refid, Datum, Text, UID) VALUES ('".
- $_GET["nid"]. "', '". date("Y-m-d H:i:s"). "', '". $_GET["text"]. "', '". $_SESSION["UID"]. "')";
+ $ch_sql="INSERT INTO `news_comments` (`Refid`, `Datum`, `Text`, `UID`) ".
+ "VALUES ('". $_GET["nid"]. "', '". date("Y-m-d H:i:s"). "', '". $_GET["text"]. "', '". $_SESSION["UID"]. "')";
 $Erg = mysql_query($ch_sql, $con);
 if ($Erg == 1)
 {
@@ -22,7 +22,7 @@ if( IsSet( $_GET["text"]))
 }
 }
-$SQL = "SELECT * FROM news_comments where Refid = '". $_GET["nid"]. "' ORDER BY 'ID'";
+$SQL = "SELECT * FROM `news_comments` WHERE `Refid`='". $_GET["nid"]. "' ORDER BY 'ID'";
 $Erg = mysql_query($SQL, $con);
 echo mysql_error( $con);
 // anzahl zeilen
-- cgit v1.2.3-70-g09d2
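Review bot: The commit message says the SQL injection is fixed, but on the new `$ch_sql` lines `$_GET["nid"]` and `$_GET["text"]` are still concatenated into the statement unescaped; only the identifiers gained backticks, so a quote character in either request parameter still terminates the string literal and the statement remains injectable. The same applies to `$_GET["nid"]` in the rewritten `$SQL` line of the second hunk. Escape the values against the open connection before building the string, e.g. `$nid = mysql_real_escape_string($_GET["nid"], $con);` and `$text = mysql_real_escape_string($_GET["text"], $con);`, then interpolate `$nid`/`$text` in place of the raw `$_GET` values (if `Refid` is a numeric column, `intval($_GET["nid"])` would be the tighter check, but the hunk does not show the schema). The `if( IsSet( $_GET["text"]))` block opened at the top of the hunk closes outside it.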
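Review bot: `ORDER BY 'ID'` on the new `$SQL` line orders by the string constant 'ID', not by the ID column, so the comment order returned is effectively unspecified; the line was carried over unchanged in this respect while its other identifiers were switched to backticks. Since the line is being rewritten anyway, quote ID the same way as `news_comments` and `Refid`, with backticks instead of single quotes, so MySQL treats it as a column reference. The two closing braces at the start of the hunk belong to blocks that open outside it, so the `$SQL` statement appears to sit at file top level, but that cannot be confirmed from the hunk alone.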