SQL injektion behoben

git-svn-id: svn://svn.cccv.de/engel-system@195 29ba0400-6e00-0410-a75a-ca02368028f8
18 years ago · 30ee094c86
parent 6ac183b6fe
commit 30ee094c86
1 changed files with 1 additions and 1 deletions
--- a/www-ssl/nonpublic/news_comments.php
+++ b/www-ssl/nonpublic/news_comments.php
@ -22,7 +22,7 @@ if( IsSet( $_GET["text"]))
 	}
 }

-$SQL = "SELECT * FROM news_comments where Refid = ". $_GET["nid"]. " ORDER BY 'ID'";
+$SQL = "SELECT * FROM news_comments where Refid = '". $_GET["nid"]. "' ORDER BY 'ID'";
 $Erg = mysql_query($SQL, $con);
 echo mysql_error( $con);
 // anzahl zeilen