sql-injection beseitigt dank sven

git-svn-id: svn://svn.cccv.de/engel-system@203 29ba0400-6e00-0410-a75a-ca02368028f8
main
cookie 18 years ago
parent c31e620d2c
commit 4736d1eb9e

@ -56,7 +56,7 @@ if( isset($_POST["send"]))
"`Hometown`,". "`CreateDate` ) ".
"VALUES ( ".
"'". $_POST["Nick"]. "', ". "'". $_POST["Name"]. "', ".
"'". $_POST["Vorname"]. "', ". $_POST["Alter"]. ", ".
"'". $_POST["Vorname"]. "', ". "'". $_POST["Alter"]. "', ".
"'". $_POST["Telefon"]. "', ". "'". $_POST["DECT"]. "', ".
"'". $_POST["Handy"]. "', ". "'". $_POST["email"]. "', ".
"'". $_POST["ICQ"]. "', ". "'". $_POST["jabber"]. "', ".
@ -74,7 +74,7 @@ if( isset($_POST["send"]))
{
echo "<p class=\"important\">". Get_Text("makeuser_writeOK"). "\n";
$SQL2 = "SELECT UID FROM `User` WHERE Nick='". $_POST["Nick"]. "';";
$SQL2 = "SELECT `UID` FROM `User` WHERE `Nick`='". $_POST["Nick"]. "';";
$Erg2 = mysql_query($SQL2, $con);
$Data = mysql_fetch_array($Erg2);

Loading…
Cancel
Save