Designerscripte / VMSone
Commit 34feaae9, authored 5 years ago by Henoch Einbier
Update anmelden.php
-secured PDO query with bindParam
parent 9e5caba2
2 merge requests: !46 Release 3.0, !16 Update anmelden.php
Showing 1 changed file
content/intern/anmelden.php: 5 additions, 2 deletions
@@ -31,9 +31,12 @@ if ($_POST['anmelden'] == "Jetzt anmelden!") {
if
(
$_POST
[
'agb'
]
!=
"ja"
)
$error
.
=
'Du musst die AGBs bestätigen!<br>'
;
// User mit der Datenbank abgleichen
if
(
!
$error
)
{
$sql
=
sql
::
$db
->
query
(
"SELECT `nickname` FROM "
.
_VMS_
.
"_userdaten WHERE nickname='"
.
$_POST
[
'nickname'
]
.
"'"
);
$sql
=
sql
::
$db
->
prepare
(
"SELECT `nickname` FROM "
.
_VMS_
.
"_userdaten WHERE nickname=:nickname"
);
$sql
->
bindParam
(
':nickname'
,
$_POST
[
'nickname'
],
PDO
::
PARAM_STR
);
$sql
->
execute
();
$nickname_check
=
$sql
->
fetch
();
$sql
=
sql
::
$db
->
query
(
"SELECT `emailadresse` FROM "
.
_VMS_
.
"_emaildaten WHERE emailadresse='"
.
$_POST
[
'emailadresse'
]
.
"'"
);
$sql
=
sql
::
$db
->
prepare
(
"SELECT `emailadresse` FROM "
.
_VMS_
.
"_emaildaten WHERE emailadresse=:mail"
);
$sql
->
bindParam
(
':mail'
,
$_POST
[
'emailadresse'
],
PDO
::
PARAM_STR
);
$mail_check
=
$sql
->
fetch
();
if
(
$mail_check
)
$error
.
=
'Diese Emailadresse ist schon im System!<br>'
;
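Review bot: The e-mail lookup is missing its `$sql->execute();` call: after `bindParam(':mail', $_POST['emailadresse'], PDO::PARAM_STR)` the code goes straight to `$mail_check = $sql->fetch();`, so the prepared statement is never run and `$mail_check` cannot contain a row. The effect is that the 'Diese Emailadresse ist schon im System!' check stops firing and duplicate e-mail addresses pass this validation. Add `$sql->execute();` between the bind and the fetch, exactly as the nickname query above it does. As a smaller style point, both lookups bind a value that is used once, so `bindValue()` or passing the array to `execute()` would be simpler than `bindParam()`, which binds by reference.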