includes/sys_auth: Add sql_escape, just to be safe

2011-06-03 11:24:22 +02:00 · 2011-06-03 11:24:22 +02:00 · 554bd796dc
parent 93dd7113b1
commit 554bd796dc
1 changed files with 5 additions and 2 deletions
--- a/includes/sys_auth.php
+++ b/includes/sys_auth.php
@ -19,7 +19,10 @@ function load_auth() {
 		if (count($user) > 0) {
 			// User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten
 			list ($user) = $user;
-			sql_query("UPDATE `User` SET " . "`lastLogIn` = '" . time() . "'" . " WHERE `UID` = '" . $_SESSION['uid'] . "' LIMIT 1;");
+			sql_query("UPDATE `User` SET "
+				. "`lastLogIn` = '" . time() . "'"
+				. " WHERE `UID` = '" . sql_escape($_SESSION['uid']) . "' LIMIT 1;"
+			);
 		} else
 			unset ($_SESSION['uid']);
 	}