From 4736d1eb9ee63f0bc3121e078e2c1ed6669f3fda Mon Sep 17 00:00:00 2001 From: cookie Date: Sun, 10 Dec 2006 11:07:21 +0000 Subject: [PATCH] sql-injection beseitigt dank sven git-svn-id: svn://svn.cccv.de/engel-system@203 29ba0400-6e00-0410-a75a-ca02368028f8 --- www-ssl/makeuser.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/www-ssl/makeuser.php b/www-ssl/makeuser.php index b7df67a0..c2b32077 100755 --- a/www-ssl/makeuser.php +++ b/www-ssl/makeuser.php @@ -56,7 +56,7 @@ if( isset($_POST["send"])) "`Hometown`,". "`CreateDate` ) ". "VALUES ( ". "'". $_POST["Nick"]. "', ". "'". $_POST["Name"]. "', ". - "'". $_POST["Vorname"]. "', ". $_POST["Alter"]. ", ". + "'". $_POST["Vorname"]. "', ". "'". $_POST["Alter"]. "', ". "'". $_POST["Telefon"]. "', ". "'". $_POST["DECT"]. "', ". "'". $_POST["Handy"]. "', ". "'". $_POST["email"]. "', ". "'". $_POST["ICQ"]. "', ". "'". $_POST["jabber"]. "', ". @@ -74,7 +74,7 @@ if( isset($_POST["send"])) { echo "

". Get_Text("makeuser_writeOK"). "\n"; - $SQL2 = "SELECT UID FROM `User` WHERE Nick='". $_POST["Nick"]. "';"; + $SQL2 = "SELECT `UID` FROM `User` WHERE `Nick`='". $_POST["Nick"]. "';"; $Erg2 = mysql_query($SQL2, $con); $Data = mysql_fetch_array($Erg2);