Update buchungen.php

-secured PDO query with bindParam

Update buchungen.php
-secured PDO query with bindParam
c0cbde23 · Henoch Einbier · 9e5caba2 · c0cbde23
Commit c0cbde23 authored 5 years ago by Henoch Einbier
--- a/content/konto/buchungen.php
+++ b/content/konto/buchungen.php
@@ -13,7 +13,9 @@
 </thead>
 <?php
 $i = 0;
-$buchungen_lesen = sql::$db->query ("SELECT * FROM `" . _VMS_ . "_buchungen` WHERE uid=".$_SESSION['uid']." ORDER BY buchungszeit DESC LIMIT 50");
+$buchungen_lesen = sql::$db->prepare ("SELECT * FROM `" . _VMS_ . "_buchungen` WHERE uid=:session_uid ORDER BY buchungszeit DESC LIMIT 50");
+$buchungen_lesen -> bindParam(':session_uid', $_SESSION['uid'], PDO::PARAM_INT);
+$buchungen_lesen -> execute();
 while ($buchung_schreiben = $buchungen_lesen->fetch()) {
 $i++;
 $buchcolor = $system['positiv_farbe'];