Commit ad1ff55a authored by Henoch Einbier

Update startseite.php

-secured PDO query with bindParam
parent 9e5caba2
2 merge requests!46Release 3.0,!12Update startseite.php
......@@ -91,7 +91,9 @@ foot();
if ($_POST['anzeigen'] == 'anzeigen !')
{
$sql = sql::$db->query("SELECT t1.emailadresse AS email,t1.uid,t2.kontostand,t3.nickname FROM "._VMS_."_emaildaten AS t1, vms_kontodaten AS t2,vms_userdaten AS t3 WHERE t1.uid = t2.uid AND t2.uid = t3.uid AND last_active < ".$timestamp);
$sql = sql::$db->prepare("SELECT t1.emailadresse AS email,t1.uid,t2.kontostand,t3.nickname FROM "._VMS_."_emaildaten AS t1, vms_kontodaten AS t2,vms_userdaten AS t3 WHERE t1.uid = t2.uid AND t2.uid = t3.uid AND last_active < :zeit");
$sql->bindParam(':zeit', $timestamp, PDO::PARAM_INT);
$sql->execute();
$konto='0';
while($row = $sql -> fetch() )
{
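Review bot: `PDO::PARAM_INT` on the new `bindParam` line is only a type hint for the driver, not validation, so a non-numeric `$timestamp` is still accepted and how it is coerced depends on the driver and the emulation setting. Its assignment is outside this hunk; if it can originate from request data, check it with `filter_var($timestamp, FILTER_VALIDATE_INT)` and skip the query when that returns `false`. Because the value is bound exactly once, `$sql->bindValue(':zeit', (int) $timestamp, PDO::PARAM_INT);` states the intent more directly than a by-reference `bindParam`. The results of `prepare()` and `execute()` are not checked before the `fetch()` loop, so unless the connection uses `PDO::ERRMODE_EXCEPTION` (not visible here) a failure would surface as a fatal call on `false` or as a silently empty result rather than a handled error. The `if` block and the `while` loop continue past the end of the hunk.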
......