From 7512e8b5e7a4a5229cda1a1165e98577712f56b4 Mon Sep 17 00:00:00 2001 From: cookie Date: Sun, 3 Dec 2006 22:18:25 +0000 Subject: [PATCH] SQL injektion behoben git-svn-id: svn://svn.cccv.de/engel-system@196 29ba0400-6e00-0410-a75a-ca02368028f8 --- www-ssl/nonpublic/index.php | 2 +- www-ssl/nonpublic/messages.php | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/www-ssl/nonpublic/index.php b/www-ssl/nonpublic/index.php index b65dd9c4..20b32c00 100755 --- a/www-ssl/nonpublic/index.php +++ b/www-ssl/nonpublic/index.php @@ -54,7 +54,7 @@ else $_SESSION['IP'] = $_SERVER['REMOTE_ADDR']; // CVS import Data - $SQL = "SELECT * FROM `UserCVS` WHERE UID=".$_SESSION['UID']; + $SQL = "SELECT * FROM `UserCVS` WHERE UID='".$_SESSION['UID']."'"; $Erg_CVS = mysql_query($SQL, $con); $_SESSION['CVS'] = mysql_fetch_array($Erg_CVS); diff --git a/www-ssl/nonpublic/messages.php b/www-ssl/nonpublic/messages.php index 09aa9b7f..ab6e5402 100755 --- a/www-ssl/nonpublic/messages.php +++ b/www-ssl/nonpublic/messages.php @@ -17,7 +17,7 @@ switch( $_GET["action"]) //##################### //show exist Messages //##################### - $SQL = "SELECT * FROM `Messages` WHERE `SUID`=". $_SESSION["UID"]. " OR `RUID`=". $_SESSION["UID"]; + $SQL = "SELECT * FROM `Messages` WHERE `SUID`='". $_SESSION["UID"]. "' OR `RUID`='". $_SESSION["UID"]. "'"; $erg = mysql_query($SQL, $con); echo "\n"; @@ -100,7 +100,7 @@ switch( $_GET["action"]) case "MarkRead": $SQL = "UPDATE `Messages` SET `isRead` = 'Y' ". - "WHERE `Datum` = '". $_GET["Datum"]. "' AND `RUID`=". $_SESSION["UID"]. " ". + "WHERE `Datum` = '". $_GET["Datum"]. "' AND `RUID`='". $_SESSION["UID"]. "' ". "LIMIT 1 ;"; $Erg = mysql_query($SQL, $con); if ($Erg == 1) @@ -111,7 +111,7 @@ switch( $_GET["action"]) case "DelMsg": $SQL = "DELETE FROM `Messages` ". - "WHERE `Datum` = '". $_GET["Datum"]. "' AND `RUID` = ". $_SESSION["UID"]. " ". + "WHERE `Datum` = '". $_GET["Datum"]. "' AND `RUID` ='". $_SESSION["UID"]. "' ". "LIMIT 1;"; $Erg = mysql_query($SQL, $con); if ($Erg == 1)