Update startseite.php

-secured PDO query with bindParam

Update startseite.php
-secured PDO query with bindParam
ad1ff55a · Henoch Einbier · 9e5caba2 · ad1ff55a
Commit ad1ff55a authored 5 years ago by Henoch Einbier
--- a/adminforce/content/startseite.php
+++ b/adminforce/content/startseite.php
@@ -91,7 +91,9 @@ foot();

    if ($_POST['anzeigen'] == 'anzeigen !')
    {
-        $sql = sql::$db->query("SELECT t1.emailadresse AS email,t1.uid,t2.kontostand,t3.nickname FROM "._VMS_."_emaildaten AS t1, vms_kontodaten AS t2,vms_userdaten AS t3 WHERE t1.uid = t2.uid AND t2.uid = t3.uid AND last_active < ".$timestamp);
+        $sql = sql::$db->prepare("SELECT t1.emailadresse AS email,t1.uid,t2.kontostand,t3.nickname FROM "._VMS_."_emaildaten AS t1, vms_kontodaten AS t2,vms_userdaten AS t3 WHERE t1.uid = t2.uid AND t2.uid = t3.uid AND last_active < :zeit");
+        $sql->bindParam(':zeit', $timestamp, PDO::PARAM_INT);
+        $sql->execute();
        $konto='0';
        while($row = $sql -> fetch() )
        {