diff --git a/content/intern/anmelden.php b/content/intern/anmelden.php
index 62d0f5292d5bfbe4f6e3dd7b9bf0f19326599c25..dd455023b8e969296db753231179a63962f68fbe 100644
--- a/content/intern/anmelden.php
+++ b/content/intern/anmelden.php
@@ -31,9 +31,12 @@ if ($_POST['anmelden'] == "Jetzt anmelden!") {
     if ($_POST['agb'] != "ja") $error .= 'Du musst die AGBs bestätigen!<br>';
     // User mit der Datenbank abgleichen
     if (!$error) {
-        $sql = sql::$db->query("SELECT `nickname` FROM " ._VMS_. "_userdaten WHERE nickname='" . $_POST['nickname'] . "'");
+        $sql = sql::$db->prepare("SELECT `nickname` FROM " ._VMS_. "_userdaten WHERE nickname=:nickname");
+        $sql -> bindParam(':nickname', $_POST['nickname'], PDO::PARAM_STR);
+        $sql -> execute();
         $nickname_check = $sql -> fetch();
-        $sql = sql::$db->query("SELECT `emailadresse` FROM " ._VMS_. "_emaildaten WHERE emailadresse='" . $_POST['emailadresse'] . "'");
+        $sql = sql::$db->prepare("SELECT `emailadresse` FROM " ._VMS_. "_emaildaten WHERE emailadresse=:mail");
+        $sql -> bindParam(':mail', $_POST['emailadresse'], PDO::PARAM_STR);
         $mail_check = $sql -> fetch();
 
         if ($mail_check) $error .= 'Diese Emailadresse ist schon im System!<br>';
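Review bot: The second prepared statement is never executed: the `prepare`/`bindParam` pair for `emailadresse` is followed directly by `$sql -> fetch()`, with no `execute()` call, unlike the nickname query a few lines above. Depending on the PDO error mode this either throws or makes `fetch()` return `false`, in which case `$mail_check` is always falsy and the "Diese Emailadresse ist schon im System!" check is silently bypassed, so duplicate registrations by e-mail address are no longer rejected. Add `$sql -> execute();` between the `bindParam` line and the `fetch()` line, mirroring the nickname branch. As a smaller point, both statements could use `bindValue` instead of `bindParam`, since binding `$_POST[...]` by reference is not needed here and makes the value's lifetime harder to reason about. The enclosing `if ($_POST['anmelden'] == ...)` block starts and ends outside the hunk.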