From 30ee094c864af66d13694c7804755f9539e5b626 Mon Sep 17 00:00:00 2001
From: cookie <cookie@29ba0400-6e00-0410-a75a-ca02368028f8>
Date: Sun, 3 Dec 2006 22:13:38 +0000
Subject: SQL injektion behoben

git-svn-id: svn://svn.cccv.de/engel-system@195 29ba0400-6e00-0410-a75a-ca02368028f8
---
 www-ssl/nonpublic/news_comments.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'www-ssl')

diff --git a/www-ssl/nonpublic/news_comments.php b/www-ssl/nonpublic/news_comments.php
index 99b42072..6e303cea 100755
--- a/www-ssl/nonpublic/news_comments.php
+++ b/www-ssl/nonpublic/news_comments.php
@@ -22,7 +22,7 @@ if( IsSet( $_GET["text"]))
 	}
 }
 
-$SQL = "SELECT * FROM news_comments where Refid = ". $_GET["nid"]. " ORDER BY 'ID'";
+$SQL = "SELECT * FROM news_comments where Refid = '". $_GET["nid"]. "' ORDER BY 'ID'";
 $Erg = mysql_query($SQL, $con);
 echo mysql_error( $con);
 // anzahl zeilen
-- 
cgit v1.2.3-54-g00ecf