Diffstat (limited to 'www/insert.php')
-rw-r--r--www/insert.php12
1 files changed, 6 insertions, 6 deletions
diff --git a/www/insert.php b/www/insert.php
index 4a17042..f373205 100644
--- a/www/insert.php
+++ b/www/insert.php
@@ -5,12 +5,12 @@ Licensed under the GPL. Read LICENSE for more Information.*/
function insert_db($db){
- $safe1 = SQLite3::escapeString("$_POST[name]");
- $safe2 = SQLite3::escapeString("$_POST[adresse]");
- $safe3 = SQLite3::escapeString("$_POST[telefonnummer]");
- $safe4 = SQLite3::escapeString("$_POST[handynummer]");
- $safe5 = SQLite3::escapeString("$_POST[email]");
- $safe6 = SQLite3::escapeString("$_POST[geburtstag]");
+ $safe1 = SQLite3::escapeString(htmlentities($_POST[name]));
+ $safe2 = SQLite3::escapeString(htmlentities($_POST[adresse]));
+ $safe3 = SQLite3::escapeString(htmlentities($_POST[telefonnummer]));
+ $safe4 = SQLite3::escapeString(htmlentities($_POST[handynummer]));
+ $safe5 = SQLite3::escapeString(htmlentities($_POST[email]));
+ $safe6 = SQLite3::escapeString(htmlentities($_POST[geburtstag]));
$query = "INSERT INTO jg (id, name, adresse, telefonnummer, handynummer, email, geburtstag) VALUES(NULL,'$safe1','$safe2','$safe3','$safe4','$safe5','$safe6');";
if($db->exec("
BEGIN TRANSACTION;