| -rw-r--r-- | update.php | 26 |
1 files changed, 13 insertions, 13 deletions
@@ -3,13 +3,13 @@ ini_set('display_errors', '1');*/
-$id = $_POST["id"];
-$name = $_POST["name"];
-$adresse = $_POST["adresse"];
-$telefonnummer = $_POST["telefonnummer"];
-$handynummer = $_POST["handynummer"];
-$email = $_POST["email"];
-$bday = $_POST["geburtstag"];
+$id = SQLite3::escapeString($_POST["id"]);
+$name = SQLite3::escapeString($_POST["name"]);
+$adresse = SQLite3::escapeString($_POST["adresse"]);
+$telefonnummer = SQLite3::escapeString($_POST["telefonnummer"]);
+$handynummer = SQLite3::escapeString($_POST["handynummer"]);
+$email = SQLite3::escapeString($_POST["email"]);
+$bday = SQLite3::escapeString($_POST["geburtstag"]);
 //echo "$name<br> $adresse<br>$telefonnummer<br>$handynummer<br>$email<br>$bday<br>$ip<br>$cryptedip";
@@ -17,12 +17,12 @@ $bday = $_POST["geburtstag"];
 $db = new SQLite3('../database/jg.db');
-$result = $db->exec("UPDATE member SET name='$name' where id=$id;");
-$result = $db->exec("UPDATE member SET adresse='$adresse' where id=$id;");
-$result = $db->exec("UPDATE member SET telefonnummer='$telefonnummer' where id=$id;");
-$result = $db->exec("UPDATE member SET handynummer='$handynummer' where id=$id;");
-$result = $db->exec("UPDATE member SET email='$email' where id=$id;");
-$result = $db->exec("UPDATE member SET geburtstag='$bday' where id=$id;");
+$db->exec("UPDATE member SET name='$name' where id=$id;");
+$db->exec("UPDATE member SET adresse='$adresse' where id=$id;");
+$db->exec("UPDATE member SET telefonnummer='$telefonnummer' where id=$id;");
+$db->exec("UPDATE member SET handynummer='$handynummer' where id=$id;");
+$db->exec("UPDATE member SET email='$email' where id=$id;");
+$db->exec("UPDATE member SET geburtstag='$bday' where id=$id;");
 /*echo " <!doctype html public '-//W3C//DTD XHTML 1.0 //EN'> |
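Review bot: Escaping `$id` in the first hunk does not protect the `where id=$id` clauses in the second hunk, because the value is interpolated there without surrounding quotes and `SQLite3::escapeString()` only neutralises quote characters inside a quoted literal. The id is still attacker-controlled SQL in all six UPDATE statements, so this commit closes the injection for the text columns but not for the row selector. Validate it as an integer before it reaches any query, for example `$id = filter_var($_POST["id"] ?? null, FILTER_VALIDATE_INT);` followed by `if ($id === false) { http_response_code(400); exit; }`. Nothing visible in either hunk checks that the caller is allowed to edit the member row named by `id`; confirm that an authorisation check exists outside the lines shown.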
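Review bot: The six `$db->exec()` calls in the second hunk now discard their return value, so a failed UPDATE is silent, and because they run as separate statements a failure midway leaves the member row partly updated. A single prepared UPDATE with bound parameters writes all columns in one statement, surfaces the error, and removes the string-built SQL altogether. Bind the raw `$_POST` values rather than the escaped variables from the first hunk, otherwise quotes would be stored doubled. `prepare()` can itself return false and should be checked in the same way as `execute()`.

```php
$db = new SQLite3('../database/jg.db');
$stmt = $db->prepare(
    'UPDATE member SET name = :name, adresse = :adresse, telefonnummer = :telefonnummer,'
    . ' handynummer = :handynummer, email = :email, geburtstag = :geburtstag WHERE id = :id'
);
foreach (['name', 'adresse', 'telefonnummer', 'handynummer', 'email', 'geburtstag'] as $field) {
    // bound as data, so no manual escaping is applied to the POST value
    $stmt->bindValue(":$field", $_POST[$field] ?? '', SQLITE3_TEXT);
}
$stmt->bindValue(':id', $id, SQLITE3_INTEGER);
if ($stmt->execute() === false) {
    error_log('member update failed: ' . $db->lastErrorMsg());
}
// … unchanged: commented-out HTML output …
```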
