| author | root | 2014-04-20 18:55:24 +0200 |
|---|---|---|
| committer | root | 2014-04-20 18:55:24 +0200 |
| commit | 3c94eb3f608f9bf0dc8d19583abe273b3a67e5ff (patch) | |
| tree | 9f589754331dbbab8f90f467f36a10f9a5ed99a7 /www/insert.php | |
| parent | 2441480079f68bd4bc15a12d7b9b47c18ce0bd52 (diff) | |
| download | jungegemeinde-3c94eb3f608f9bf0dc8d19583abe273b3a67e5ff.tar.gz | |
Fixed XSS vulnerability.
Diffstat (limited to 'www/insert.php')
| -rw-r--r-- | www/insert.php | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/www/insert.php b/www/insert.php
index 4a17042..f373205 100644
--- a/www/insert.php
+++ b/www/insert.php
@@ -5,12 +5,12 @@
 Licensed under the GPL.
 Read LICENSE for more Information.*/
 function insert_db($db){
- $safe1 = SQLite3::escapeString("$_POST[name]");
- $safe2 = SQLite3::escapeString("$_POST[adresse]");
- $safe3 = SQLite3::escapeString("$_POST[telefonnummer]");
- $safe4 = SQLite3::escapeString("$_POST[handynummer]");
- $safe5 = SQLite3::escapeString("$_POST[email]");
- $safe6 = SQLite3::escapeString("$_POST[geburtstag]");
+ $safe1 = SQLite3::escapeString(htmlentities($_POST[name]));
+ $safe2 = SQLite3::escapeString(htmlentities($_POST[adresse]));
+ $safe3 = SQLite3::escapeString(htmlentities($_POST[telefonnummer]));
+ $safe4 = SQLite3::escapeString(htmlentities($_POST[handynummer]));
+ $safe5 = SQLite3::escapeString(htmlentities($_POST[email]));
+ $safe6 = SQLite3::escapeString(htmlentities($_POST[geburtstag]));
 $query = "INSERT INTO jg (id, name, adresse, telefonnummer, handynummer, email, geburtstag) VALUES(NULL,'$safe1','$safe2','$safe3','$safe4','$safe5','$safe6');";
 if($db->exec("
 BEGIN TRANSACTION;
|
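Review bot: The six added lines index `$_POST` with bare words (`$_POST[name]` … `$_POST[geburtstag]`); outside string interpolation that is an undefined-constant lookup, which only works on PHP 5 with a notice and is a fatal Error on PHP 8, so the keys need quoting (`$_POST['name']`) — the removed lines were valid only because `"$_POST[name]"` inside a double-quoted string permits the unquoted form. A missing field also raises an undefined-index notice, so an isset() fallback to '' belongs here. htmlentities() applied on input stores entity-encoded text in the database, where it reaches every non-HTML consumer and risks double-encoding on re-display; escaping at output with `htmlspecialchars($v, ENT_QUOTES, 'UTF-8')` is the conventional place, and if the encoding stays here the charset should be passed explicitly because the htmlentities default was ISO-8859-1 before PHP 5.4. The `$query` context line still interpolates the escaped values into SQL; `$db->prepare()` with `bindValue()` would remove the manual quoting, though that change reaches into the rest of insert_db, whose body continues past the hunk. The rewrite below keeps the commit's approach but fixes the key, missing-field and charset issues.
```php
function insert_db($db){
    // Quoted keys: bare $_POST[name] is an undefined-constant lookup outside a string.
    $safe = [];
    foreach (['name', 'adresse', 'telefonnummer', 'handynummer', 'email', 'geburtstag'] as $key) {
        $value = isset($_POST[$key]) ? $_POST[$key] : '';
        $safe[] = SQLite3::escapeString(htmlentities($value, ENT_QUOTES, 'UTF-8'));
    }
    list($safe1, $safe2, $safe3, $safe4, $safe5, $safe6) = $safe;
    // … unchanged: $query build and $db->exec(...) …
```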
