Skip to content
Snippets Groups Projects
Commit edfcd5fc authored by Henoch Einbier's avatar Henoch Einbier
Browse files

Update nickpage.php 

-secured PDO query with bindParam
parent 9e5caba2
2 merge requests!46Release 3.0,!29Update nickpage.php
Hide whitespace changes
Inline Side-by-side
Showing
with 3 additions and 3 deletions
content/nickpage.php
+ 3
3
View file @ edfcd5fc
<?php
$_GET['nick'] = addslashes($_GET['nick']);
$sql = sql::$db->query("SELECT u.angemeldet_seit,k.klicks,k.kv,k.angebettelt,k.bv FROM "._VMS_."_kontodaten k LEFT JOIN "._VMS_."_userdaten u ON u.uid = k.uid WHERE u.nickname='".$_GET['nick']."' LIMIT 1");
$sql = sql::$db->prepare("SELECT u.angemeldet_seit,k.klicks,k.kv,k.angebettelt,k.bv FROM "._VMS_."_kontodaten k LEFT JOIN "._VMS_."_userdaten u ON u.uid = k.uid WHERE u.nickname=:nick LIMIT 1");
$sql -> bindParam(':nick', $_GET['nick'], PDO::PARAM_STR);
$sql -> execute();
$np = $sql->fetch(PDO::FETCH_ASSOC);
head("Nickpage von ".$_GET['nick']);
echo'<b>Angemeldet seit:</b> '.date("d.m.Y - H:i",$np['angemeldet_seit']).'<br>
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment