Commit 34feaae9 authored by Henoch Einbier's avatar Henoch Einbier

Update anmelden.php

-secured PDO query with bindParam
parent 9e5caba2
2 merge requests!46Release 3.0,!16Update anmelden.php
......@@ -31,9 +31,12 @@ if ($_POST['anmelden'] == "Jetzt anmelden!") {
if ($_POST['agb'] != "ja") $error .= 'Du musst die AGBs bestätigen!<br>';
// User mit der Datenbank abgleichen
if (!$error) {
$sql = sql::$db->query("SELECT `nickname` FROM " ._VMS_. "_userdaten WHERE nickname='" . $_POST['nickname'] . "'");
$sql = sql::$db->prepare("SELECT `nickname` FROM " ._VMS_. "_userdaten WHERE nickname=:nickname");
$sql -> bindParam(':nickname', $_POST['nickname'], PDO::PARAM_STR);
$sql -> execute();
$nickname_check = $sql -> fetch();
$sql = sql::$db->query("SELECT `emailadresse` FROM " ._VMS_. "_emaildaten WHERE emailadresse='" . $_POST['emailadresse'] . "'");
$sql = sql::$db->prepare("SELECT `emailadresse` FROM " ._VMS_. "_emaildaten WHERE emailadresse=:mail");
$sql -> bindParam(':mail', $_POST['emailadresse'], PDO::PARAM_STR);
$mail_check = $sql -> fetch();
if ($mail_check) $error .= 'Diese Emailadresse ist schon im System!<br>';
......
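Review bot: The rewritten e-mail lookup never runs its prepared statement: after `bindParam(':mail', …)` the code goes straight to `$sql -> fetch()` with no `execute()` in between, unlike the nickname lookup just above it. Fetching from an unexecuted statement yields no row (most likely `false`), so `$mail_check` stays empty and the 'Diese Emailadresse ist schon im System!' check can no longer reject an address that is already registered. Add `$sql -> execute();` between the `bindParam` for `:mail` and the `fetch()`. The `if (!$error) {` block opened in this hunk closes outside the visible lines, so whether later code queries the address again cannot be checked from here.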