Commit
654e9b62
authored
5 years ago
by
Henoch Einbier
Update refuebersicht.php
-secured PDO queries with bindParam
parent
9e5caba2
2 merge requests
!46
Release 3.0
,
!24
Update refuebersicht.php
Showing
1 changed file
content/konto/refuebersicht.php
+13
-7
13 additions, 7 deletions
content/konto/refuebersicht.php
with
13 additions
and
7 deletions
content/konto/refuebersicht.php
+
13
−
7
<?php
userstatus
();
$count
=
0
;
$ebene_1
=
false
;
$ebene_2
=
false
;
$ebene_3
=
false
;
$ebene1
=
sql
::
$db
->
query
(
"SELECT werber.*, u.nickname, k.last_active FROM
$ebene1
=
sql
::
$db
->
prepare
(
"SELECT werber.*, u.nickname, k.last_active FROM
"
.
_VMS_
.
"_werberdaten AS werber
LEFT JOIN "
.
_VMS_
.
"_userdaten AS u ON u.uid = werber.uid
LEFT JOIN "
.
_VMS_
.
"_kontodaten AS k ON k.uid = werber.uid
WHERE werber.werber="
.
$_SESSION
[
'uid'
]
.
" ORDER BY u.nickname ASC"
);
WHERE werber.werber=:session_uid ORDER BY u.nickname ASC"
);
$ebene1
->
bindParam
(
':session_uid'
,
$_SESSION
[
'uid'
],
PDO
::
PARAM_INT
);
$ebene1
->
execute
();
if
(
$ebene1
->
rowCount
()
){
while
(
$user1
=
$ebene1
->
fetchAll
()
){
...
...
@@ -30,11 +32,13 @@ if ($ebene1->rowCount() ){
<td align="center">'
.
$refstatus
.
'</td>
</tr>
'
;
$ebene2
=
sql
::
$db
->
query
(
"SELECT werber.*, u.nickname, k.last_active FROM
$ebene2
=
sql
::
$db
->
prepare
(
"SELECT werber.*, u.nickname, k.last_active FROM
"
.
_VMS_
.
"_werberdaten AS werber
LEFT JOIN "
.
_VMS_
.
"_userdaten AS u ON u.uid = werber.uid
LEFT JOIN "
.
_VMS_
.
"_kontodaten AS k ON k.uid = werber.uid
WHERE werber.werber="
.
$user1
[
'uid'
]
.
" ORDER BY u.nickname ASC"
);
WHERE werber.werber=:user1_uid ORDER BY u.nickname ASC"
);
$ebene2
->
bindParam
(
':user1_uid'
,
$user1
[
'uid'
],
PDO
::
PARAM_INT
);
$ebene2
->
execute
();
while
(
$user2
=
$ebene2
->
fetchAll
()
){
$ebene_2
=
true
;
...
...
@@ -55,11 +59,13 @@ $ebene2 = sql::$db->query("SELECT werber.*, u.nickname, k.last_active FROM
</tr>
'
;
$ebene3
=
sql
::
$db
->
query
(
"SELECT werber.*, u.nickname, k.last_active FROM
$ebene3
=
sql
::
$db
->
prepare
(
"SELECT werber.*, u.nickname, k.last_active FROM
"
.
_VMS_
.
"_werberdaten AS werber
LEFT JOIN "
.
_VMS_
.
"_userdaten AS u ON u.uid = werber.uid
LEFT JOIN "
.
_VMS_
.
"_kontodaten AS k ON k.uid = werber.uid
WHERE werber.werber="
.
$user2
[
'uid'
]
.
" ORDER BY u.nickname ASC"
);
WHERE werber.werber=:user2_uid ORDER BY u.nickname ASC"
);
$ebene3
->
bindParam
(
':user2_uid'
,
$user2
[
'uid'
],
PDO
::
PARAM_INT
);
$ebene3
->
execute
();
while
(
$user3
=
$ebene3
->
fetchAll
()
){
$ebene_3
=
true
;
...
...
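Review bot: In the second and third hunks the values bound to `:user1_uid` and `:user2_uid` are read from `$user1['uid']` and `$user2['uid']`, but those variables are assigned from `fetchAll()` in the `while` conditions; if `sql::$db` is a plain PDO handle, `fetchAll()` returns the whole result set as a list of rows, so the `'uid'` key would not exist and the placeholder would be bound to null rather than to a referrer id. If that is the case, the loops need a per-row fetch, e.g. `while ($user1 = $ebene1->fetch(PDO::FETCH_ASSOC)) {`. Separately, `bindParam()` binds by reference, and passing a missing array element by reference silently creates it as null (in the first hunk that would be `$_SESSION['uid']` itself); `$ebene1->bindValue(':session_uid', (int) $_SESSION['uid'], PDO::PARAM_INT);` binds a copy and makes the integer cast explicit. The loop bodies start and end outside the visible hunks, so the row handling between the queries could not be checked here.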