Commit c0cbde23 authored by Henoch Einbier

Update buchungen.php

-secured PDO query with bindParam
parent 9e5caba2
2 merge requests: !46 Release 3.0, !21 Update buchungen.php
......@@ -13,7 +13,9 @@
</thead>
<?php
$i = 0;
$buchungen_lesen = sql::$db->query ("SELECT * FROM `" . _VMS_ . "_buchungen` WHERE uid=".$_SESSION['uid']." ORDER BY buchungszeit DESC LIMIT 50");
$buchungen_lesen = sql::$db->prepare ("SELECT * FROM `" . _VMS_ . "_buchungen` WHERE uid=:session_uid ORDER BY buchungszeit DESC LIMIT 50");
$buchungen_lesen -> bindParam(':session_uid', $_SESSION['uid'], PDO::PARAM_INT);
$buchungen_lesen -> execute();
while ($buchung_schreiben = $buchungen_lesen->fetch()) {
$i++;
$buchcolor = $system['positiv_farbe'];
......
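Review bot: on the added bindParam line, $_SESSION['uid'] is bound by reference with no check that it is set. Taking a reference to a missing array key creates it as NULL without a notice, so a request with no uid in the session would run the query with NULL instead of failing visibly. Since the value is used only once, consider checking isset($_SESSION['uid']) first and binding a copy with bindValue(':session_uid', (int) $_SESSION['uid'], PDO::PARAM_INT). The results of prepare() and execute() are also not checked before the fetch() loop, which matters unless the connection is configured elsewhere to throw on errors. Minor style point: the added lines write ' -> ' and 'prepare (' with spaces, while the unchanged fetch() line below uses '->' without them.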