!16
Update anmelden.php
Merged
Henoch Einbier requested to merge g2zer0/VMSone:patch-13 into dev-3.0 5 years ago
-secured PDO query with bindParam
Compare dev-3.0 (base) and latest version 34feaae9
1 commit, 5 years ago
1 file, +5 −2
content/intern/anmelden.php
+5 −2
@@ -31,9 +31,12 @@ if ($_POST['anmelden'] == "Jetzt anmelden!") {
if
(
$_POST
[
'agb'
]
!=
"ja"
)
$error
.
=
'Du musst die AGBs bestätigen!<br>'
;
// User mit der Datenbank abgleichen
if
(
!
$error
)
{
$sql
=
sql
::
$db
->
query
(
"SELECT `nickname` FROM "
.
_VMS_
.
"_userdaten WHERE nickname='"
.
$_POST
[
'nickname'
]
.
"'"
);
$sql
=
sql
::
$db
->
prepare
(
"SELECT `nickname` FROM "
.
_VMS_
.
"_userdaten WHERE nickname=:nickname"
);
$sql
->
bindParam
(
':nickname'
,
$_POST
[
'nickname'
],
PDO
::
PARAM_STR
);
$sql
->
execute
();
$nickname_check
=
$sql
->
fetch
();
$sql
=
sql
::
$db
->
query
(
"SELECT `emailadresse` FROM "
.
_VMS_
.
"_emaildaten WHERE emailadresse='"
.
$_POST
[
'emailadresse'
]
.
"'"
);
$sql
=
sql
::
$db
->
prepare
(
"SELECT `emailadresse` FROM "
.
_VMS_
.
"_emaildaten WHERE emailadresse=:mail"
);
$sql
->
bindParam
(
':mail'
,
$_POST
[
'emailadresse'
],
PDO
::
PARAM_STR
);
$mail_check
=
$sql
->
fetch
();
if
(
$mail_check
)
$error
.
=
'Diese Emailadresse ist schon im System!<br>'
;
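Review bot: The e-mail lookup is missing its `$sql->execute();` call: after `bindParam(':mail', ...)` the code goes straight to `$mail_check = $sql->fetch();`, whereas the nickname lookup above it runs prepare, bindParam, execute and then fetch. A prepared statement that was never executed yields no row, so `$mail_check` stays falsy and the 'Diese Emailadresse ist schon im System!' error can no longer trigger, which lets an already registered address through this check. Add `$sql->execute();` between the `bindParam` and the `fetch` of the e-mail query. Minor: both values are bound once and read once, so `bindValue()` (or passing an array to `execute()`) would express the intent more directly than the by-reference `bindParam()`.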