sql-injection beseitigt dank sven

git-svn-id: svn://svn.cccv.de/engel-system@203 29ba0400-6e00-0410-a75a-ca02368028f8
2006-12-10 11:07:21 +00:00 · 2006-12-10 11:07:21 +00:00 · 4736d1eb9e
parent c31e620d2c
commit 4736d1eb9e
1 changed files with 2 additions and 2 deletions
--- a/www-ssl/makeuser.php
+++ b/www-ssl/makeuser.php
@ -56,7 +56,7 @@ if( isset($_POST["send"]))
 				"`Hometown`,".  "`CreateDate` ) ".
 			"VALUES ( ".
 				"'". $_POST["Nick"]. "', ".		"'". $_POST["Name"]. "', ".
-				"'". $_POST["Vorname"]. "', ".		$_POST["Alter"]. ", ".
+				"'". $_POST["Vorname"]. "', ".		"'". $_POST["Alter"]. "', ".
 				"'". $_POST["Telefon"]. "', ".		"'". $_POST["DECT"]. "', ".
 				"'". $_POST["Handy"]. "', ".		"'". $_POST["email"]. "', ".
 				"'". $_POST["ICQ"]. "', ".		"'". $_POST["jabber"]. "', ".
@ -74,7 +74,7 @@ if( isset($_POST["send"]))
 		{
 			echo "<p class=\"important\">". Get_Text("makeuser_writeOK"). "\n";

-			$SQL2 = "SELECT UID FROM `User` WHERE Nick='". $_POST["Nick"]. "';";
+			$SQL2 = "SELECT `UID` FROM `User` WHERE `Nick`='". $_POST["Nick"]. "';";
 			$Erg2 = mysql_query($SQL2, $con);
 			$Data = mysql_fetch_array($Erg2);