Diffstat (limited to 'www/update.php')
| -rw-r--r-- | www/update.php | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/www/update.php b/www/update.php
index 67a92a1..26c05ca 100644
--- a/www/update.php
+++ b/www/update.php
@@ -2,13 +2,13 @@
 function update_db($db){
- $id = SQLite3::escapeString($_POST["id"]);
- $name = SQLite3::escapeString($_POST["name"]);
- $adresse = SQLite3::escapeString($_POST["adresse"]);
- $telefonnummer = SQLite3::escapeString($_POST["telefonnummer"]);
- $handynummer = SQLite3::escapeString($_POST["handynummer"]);
- $email = SQLite3::escapeString($_POST["email"]);
- $bday = SQLite3::escapeString($_POST["geburtstag"]);
+ $id = SQLite3::escapeString(htmlentities($_POST["id"]));
+ $name = SQLite3::escapeString(htmlentities($_POST["name"]));
+ $adresse = SQLite3::escapeString(htmlentities($_POST["adresse"]));
+ $telefonnummer = SQLite3::escapeString(htmlentities($_POST["telefonnummer"]));
+ $handynummer = SQLite3::escapeString(htmlentities($_POST["handynummer"]));
+ $email = SQLite3::escapeString(htmlentities($_POST["email"]));
+ $bday = SQLite3::escapeString(htmlentities($_POST["geburtstag"]));
 if((!empty($id) && !preg_match("/^[0-9]+$/", $id)) || (!empty($telefonnummer) && !preg_match("/^[0-9]+$/", $telefonnummer) )|| (!empty($email) && !preg_match("/^.+@.+$/", $email))){
 return false; |
