diff --git a/content/intern/daten.php b/content/intern/daten.php
index 9449b0c0cf62a2a8fb651b13e60f6e8113ce122e..21b9875c612d3fe18ee79d688787ea071e58c79c 100644
--- a/content/intern/daten.php
+++ b/content/intern/daten.php
@@ -2,7 +2,9 @@
 if (isset($_POST['anf_daten']) && isset($_POST['anf_email'])) {
         $_POST['anf_email'] = addslashes ($_POST['anf_email']);
 
-	$sql = sql::$db->query("SELECT `uid`,`emailadresse` FROM "._VMS_."_emaildaten WHERE emailadresse = '".$_POST['anf_email']."' LIMIT 1");
+	$sql = sql::$db->prepare("SELECT `uid`,`emailadresse` FROM "._VMS_."_emaildaten WHERE emailadresse = :anf_email LIMIT 1");
+	$sql -> bindParam(':anf_email', $_POST['anf_email'], PDO::PARAM_STR);
+	$sql -> execute();
 	$daten_anfordern = $sql->fetch();
 	if ($daten_anfordern['emailadresse']) {
     	$neues_passwort = create_code(8);
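Review bot: The `addslashes()` call on the context line above the new `prepare()` is left in place, so the value is escaped and then bound. An address containing a quote or backslash is compared with an extra backslash in it and will no longer match the stored `emailadresse`. With a bound parameter the escaping is unnecessary; remove that line and bind the raw input, e.g. `$sql->bindValue(':anf_email', $_POST['anf_email'], PDO::PARAM_STR);`. Separately, `fetch()` returns `false` when no row matches, so the following `if ($daten_anfordern['emailadresse'])` indexes a non-array; `if ($daten_anfordern !== false && $daten_anfordern['emailadresse'])` avoids that. The enclosing `if` block continues past the end of the hunk, so the password-reset logic after `create_code(8)` is not reviewed here.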