From 52b2191854d1518a4f5ef9bbcf2ba47ed1cd0bbd Mon Sep 17 00:00:00 2001
From: Horus3
Date: Sun, 9 Feb 2014 19:17:39 +0100
Subject: Fixed SQL-Injection vulnerability
---
update.php | 26 +++++++++++++-------------
1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/update.php b/update.php
index 8ad75fc..09855cc 100644
--- a/update.php
+++ b/update.php
@@ -3,13 +3,13 @@
ini_set('display_errors', '1');*/
-$id = $_POST["id"];
-$name = $_POST["name"];
-$adresse = $_POST["adresse"];
-$telefonnummer = $_POST["telefonnummer"];
-$handynummer = $_POST["handynummer"];
-$email = $_POST["email"];
-$bday = $_POST["geburtstag"];
+$id = SQLite3::escapeString($_POST["id"]);
+$name = SQLite3::escapeString($_POST["name"]);
+$adresse = SQLite3::escapeString($_POST["adresse"]);
+$telefonnummer = SQLite3::escapeString($_POST["telefonnummer"]);
+$handynummer = SQLite3::escapeString($_POST["handynummer"]);
+$email = SQLite3::escapeString($_POST["email"]);
+$bday = SQLite3::escapeString($_POST["geburtstag"]);
//echo "$name
$adresse
$telefonnummer
$handynummer
$email
$bday
$ip
$cryptedip";
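Review bot: `$id` remains injectable after this change, because `SQLite3::escapeString()` only doubles single quotes and the UPDATE statements in the second hunk interpolate it unquoted as `where id=$id`. Escaping does not confine a value in a numeric position to a number, so the line `$id = SQLite3::escapeString($_POST["id"]);` should validate the type instead: `$id = filter_var($_POST["id"] ?? null, FILTER_VALIDATE_INT);` followed by `if ($id === false) { http_response_code(400); exit; }`. The other six fields are used inside quotes, so the escaping does apply to them, though a missing POST key still reaches `escapeString()` as null. Whether the caller is authorised to modify the given member id is not visible in this hunk and is worth confirming in the rest of the file.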
@@ -17,12 +17,12 @@ $bday = $_POST["geburtstag"];
$db = new SQLite3('../database/jg.db');
-$result = $db->exec("UPDATE member SET name='$name' where id=$id;");
-$result = $db->exec("UPDATE member SET adresse='$adresse' where id=$id;");
-$result = $db->exec("UPDATE member SET telefonnummer='$telefonnummer' where id=$id;");
-$result = $db->exec("UPDATE member SET handynummer='$handynummer' where id=$id;");
-$result = $db->exec("UPDATE member SET email='$email' where id=$id;");
-$result = $db->exec("UPDATE member SET geburtstag='$bday' where id=$id;");
+$db->exec("UPDATE member SET name='$name' where id=$id;");
+$db->exec("UPDATE member SET adresse='$adresse' where id=$id;");
+$db->exec("UPDATE member SET telefonnummer='$telefonnummer' where id=$id;");
+$db->exec("UPDATE member SET handynummer='$handynummer' where id=$id;");
+$db->exec("UPDATE member SET email='$email' where id=$id;");
+$db->exec("UPDATE member SET geburtstag='$bday' where id=$id;");
/*echo "
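Review bot: The result of each `$db->exec()` call is now discarded, so a failed UPDATE goes unnoticed, and the six separate statements can leave a member row half-updated if one of them fails. A single prepared statement with bound parameters would update the row in one step, allow one error check, and remove the dependence on string escaping for injection safety. If the values are bound as sketched below, the `SQLite3::escapeString()` calls from the first hunk have to be dropped for those fields, otherwise quotes would be stored doubled. The commented-out `echo` block after these lines continues outside the hunk.

```php
$db = new SQLite3('../database/jg.db');
$stmt = $db->prepare(
    'UPDATE member SET name = :name, adresse = :adresse, '
    . 'telefonnummer = :telefonnummer, handynummer = :handynummer, '
    . 'email = :email, geburtstag = :geburtstag WHERE id = :id'
);
if ($stmt === false) {
    http_response_code(500);
    exit;
}
// Bind the raw POST values; binding keeps them out of the SQL text entirely.
foreach (['name', 'adresse', 'telefonnummer', 'handynummer', 'email', 'geburtstag'] as $field) {
    $stmt->bindValue(':' . $field, (string) ($_POST[$field] ?? ''), SQLITE3_TEXT);
}
$stmt->bindValue(':id', (int) ($_POST['id'] ?? 0), SQLITE3_INTEGER);
if ($stmt->execute() === false) {
    http_response_code(500);
    exit;
}
```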