Commit 2c37c154 authored by Henoch Einbier's avatar Henoch Einbier

Update paidmails.php

-secured PDO query with bindParam
parent 9e5caba2
2 merge requests!46Release 3.0,!28Update paidmails.php
......@@ -2,12 +2,14 @@
userstatus();
head("Paidmailhistory");
$paidmails = sql::$db->query("SELECT
$paidmails = sql::$db->prepare("SELECT
e.gueltig, e.tan, v.verdienst, v.beschreibung, v.mailtext, v.aufendhalt
FROM " . _VMS_ . "_paidmails_empfaenger e
LEFT JOIN " . _VMS_ . "_paidmails_versendet v ON v.tan = e.tan
WHERE e.uid=" . $_SESSION['uid'] . " && e.gueltig > " . time() . " && e.status=0
WHERE e.uid=:session_uid && e.gueltig > " . time() . " && e.status=0
LIMIT 10");
$paidmails -> bindParam(':session_uid', $_SESSION['uid'], PDO::PARAM_INT);
$paidmails -> execute();
while ($mail = $paidmails->fetch() ) {
echo '
<table border="1" id="mail_' . $mail['tan'] . '" width="100%">
......
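Review bot: The added `bindParam` call binds `$_SESSION['uid']` by reference, so PDO only reads it at `execute()` and may coerce the session value in place, and a missing `uid` key would be created as null instead of failing; binding a copy is safer here, `$paidmails->bindValue(':session_uid', (int) $_SESSION['uid'], PDO::PARAM_INT);`. The `time()` value is still concatenated into the statement; it is server-generated and so not an injection vector, but binding it as a second integer parameter would keep the SQL text fully static and easier to audit. On the output side, the context line that writes `$mail['tan']` into the `id` attribute does so without `htmlspecialchars($mail['tan'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The `echo` continues outside the hunk, so whether `beschreibung` and `mailtext` are escaped before being printed cannot be seen from here and should be checked, since the parameterised query does nothing for stored markup in those columns.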