diff --git a/adminforce/content/usersystem/doppelaccis.php b/adminforce/content/usersystem/doppelaccis.php
index d7384f6b42a1dbcfebe59e04eea7d05766e8a8a2..22ca20b5f049c1753f069123bbb89d007e6309be 100644
--- a/adminforce/content/usersystem/doppelaccis.php
+++ b/adminforce/content/usersystem/doppelaccis.php
@@ -5,7 +5,7 @@
     <td align="center"><b>IP-Adresse</b></td>
 </tr>
 <?php
-$sql = sql::$db->query("SELECT `login_ip`, COUNT(*) AS `anzahl` FROM  `" . _VMS_ . "_kontodaten` GROUP BY `login_ip` HAVING COUNT(*) > 1") or die(mysql_error());
+$sql = sql::$db->query("SELECT `login_ip`, COUNT(*) AS `anzahl` FROM  `" . _VMS_ . "_kontodaten` GROUP BY `login_ip` HAVING COUNT(*) > 1") or die($sql->errorInfo());
 if ($sql->rowCount() == 0) {
     echo '
  <tr>
@@ -26,10 +26,12 @@ if ($sql->rowCount() == 0) {
 </table>
 <?php
 if (isset($_GET['ip'])) {
-    $ip = sql::$db->query("SELECT k.uid,u.nickname FROM
+    $ip = sql::$db->prepare("SELECT k.uid,u.nickname FROM
                         " . _VMS_ . "_kontodaten AS k
                         LEFT JOIN " . _VMS_ . "_userdaten AS u ON u.uid=k.uid
-WHERE k.login_ip='" . addslashes($_GET['ip']) . "'");
+WHERE k.login_ip=:ip");
+    $ip->bindParam(':ip', $_GET['ip'], PDO::PARAM_STR);
+    $ip->execute();
 
     echo "<p>User mit der IP " . $_GET['ip'] . ":</p>";
     while ($doppelt = $ip -> fetch() ) {
@@ -49,14 +51,14 @@ foot();
     <td align="center"><b>md5Hash</b></td>
 </tr>
 <?php
-$sql2 = sql::$db->query("SELECT `passwort`, COUNT(*) AS `anzahl` FROM  `" . _VMS_ . "_kontodaten` GROUP BY `passwort` HAVING COUNT(*) > 1") or die(mysql_error());
+$sql2 = sql::$db->query("SELECT `passwort`, COUNT(*) AS `anzahl` FROM  `" . _VMS_ . "_kontodaten` GROUP BY `passwort` HAVING COUNT(*) > 1") or die($sql->errorInfo());
 if ($sql2->rowCount() == 0) {
     echo '
  <tr>
-     <td colspan="2" align="center"><font color="green">Keine Doppelten PasswÃ¶rter im System</font></td>
+     <td colspan="2" align="center"><font color="green">Keine doppelten PasswÃ¶rter im System</font></td>
  </tr>';
 } else {
-    while ($fake2 = mysql_fetch_assoc($sql2)) {
+    while ($fake2 = $sql2->fetch(PDO::FETCH_ASSOC) ) {
         echo '
    <tr>
        <td>' . $fake2['anzahl'] . '</td>
@@ -74,10 +76,12 @@ if (isset($_GET['md5'])) {
     $md5 = db_query("SELECT k.uid,u.nickname FROM
                         `" . _VMS_ . "_kontodaten` AS k
                         LEFT JOIN `" . _VMS_ . "_userdaten` AS u ON u.uid=k.uid
-WHERE k.passwort='" . addslashes($_GET['md5']) . "'");
+WHERE k.passwort=:md5");
+    $md5->bindParam(':md5', $_GET['md5'], PDO::PARAM_STR);
+    $md5->execute();
 
     echo "<p>User mit dem Passworthash " . $_GET['md5'] . ":</p>";
-    while ($doppelt = mysql_fetch_assoc($md5)) {
+    while ($doppelt = $md5->fetch(PDO::FETCH_ASSOC) ) {
         echo "<a href='?content=/usersystem/userbearbeiten&uid=" . $doppelt['uid'] . "'>" . $doppelt['nickname'] . "</a><br>";
     }
 }