diff --git a/www-ssl/nonpublic/news_output.php b/www-ssl/nonpublic/news_output.php
index 9648fc41..91112c81 100755
--- a/www-ssl/nonpublic/news_output.php
+++ b/www-ssl/nonpublic/news_output.php
@@ -3,31 +3,30 @@ include ("./inc/db.php");
include ("./inc/funktion_user.php");
-if ( isset($text) && isset($betreff) && IsSet($date) ) {
- if (!isset($treffen)) $treffen = 0;
+if( isset( $_POST["text"]) && isset( $_POST["betreff"]) && IsSet( $_POST["date"]) ) {
+ if( !isset( $_POST["treffen"]))
+ $_POST["treffen"] = 0;
//$escaped_text = htmlescape($text);
//$escaped_betreff = htmlescape($betreff);
$SQL = "INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) ";
- $SQL.= "VALUES ('$date', '$betreff', '$text', '".$_SESSION['UID'];
- $SQL.= "', '$treffen');";
+ $SQL.= "VALUES ('". $_POST["date"]. "', '". $_POST["betreff"]. "', '". $_POST["text"]. "', '".$_SESSION['UID'];
+ $SQL.= "', '". $_POST["treffen"]. "');";
$Erg = mysql_query($SQL, $con);
- if ($Erg == 1) { Print_Text(4); }
+ if ($Erg == 1)
+ Print_Text(4);
}
+if( !IsSet( $_GET["news_begin"]))
+ $_GET["news_begin"]=0;
-if (!IsSet($news_begin)) {
- $news_begin=0;
-}
-
-if (!IsSet($DISPLAY_NEWS)) {
- $DISPLAY_NEWS = 5;
-}
+if( !IsSet( $_GET["DISPLAY_NEWS"]))
+ $_GET["DISPLAY_NEWS"] = 5;
//if (($news_begin-$DISPLAY_NEWS) >= 0 ) {
// echo "
Die vorherigen $DISPLAY_NEWS News anzeigen...
";
//}
-$SQL = "SELECT * FROM `News` ORDER BY 'ID' DESC LIMIT $news_begin,$DISPLAY_NEWS";
+$SQL = "SELECT * FROM `News` ORDER BY 'ID' DESC LIMIT ". $_GET["news_begin"]. ",". $_GET["DISPLAY_NEWS"];
$Erg = mysql_query($SQL, $con);
// anzahl zeilen
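Review bot: The rewritten INSERT still concatenates `$_POST["date"]`, `$_POST["betreff"]`, `$_POST["text"]` and `$_POST["treffen"]` into `$SQL` unescaped, and the new `LIMIT` line does the same with `$_GET["news_begin"]` and `$_GET["DISPLAY_NEWS"]`, so moving off register_globals leaves both statements open to SQL injection. With the `mysql_*` API this file uses, the string values need `mysql_real_escape_string(..., $con)` and the numeric ones an integer cast; the fence below writes the cleaned paging values back into `$_GET` so that any later use outside this hunk sees them too. `DISPLAY_NEWS` should probably also get an upper bound, since a client can otherwise request an arbitrarily large page. The two `htmlescape` lines stay commented out, so it is worth confirming that `Betreff` and `Text` are HTML-escaped where the news is rendered, which is not visible here. The script continues past the end of this hunk.

```php
if( isset( $_POST["text"]) && isset( $_POST["betreff"]) && IsSet( $_POST["date"]) ) {
  // Escape each request value for this connection before it enters the statement.
  $date    = mysql_real_escape_string( $_POST["date"], $con);
  $betreff = mysql_real_escape_string( $_POST["betreff"], $con);
  $text    = mysql_real_escape_string( $_POST["text"], $con);
  // Treffen is a flag; the cast reduces it to an integer.
  $treffen = isset( $_POST["treffen"]) ? (int)$_POST["treffen"] : 0;
  $SQL = "INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) ";
  $SQL.= "VALUES ('$date', '$betreff', '$text', '".$_SESSION['UID'];
  $SQL.= "', '$treffen');";
  // … unchanged: mysql_query() call and Print_Text(4) …

// LIMIT accepts integers only; cast and clamp before the values reach the query.
$_GET["news_begin"]   = isset( $_GET["news_begin"]) ? max( 0, (int)$_GET["news_begin"]) : 0;
$_GET["DISPLAY_NEWS"] = isset( $_GET["DISPLAY_NEWS"]) ? max( 1, (int)$_GET["DISPLAY_NEWS"]) : 5;
// … unchanged: commented-out paging link and the SELECT built from these two values …
```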