diff --git a/admin/inhalte/fotos/bilder/add.php b/admin/inhalte/fotos/bilder/add.php
index 0df28ed..82f06e2 100644
--- a/admin/inhalte/fotos/bilder/add.php
+++ b/admin/inhalte/fotos/bilder/add.php
@@ -10,7 +10,7 @@ if (!isset($_POST['Speichern'])) {
-
+
@@ -18,7 +18,7 @@ if (!isset($_POST['Speichern'])) {
real_escape_string($_POST['Text']);
$sql1 = 'INSERT INTO bilder (ID, Head) VALUES (NULL, "' . $Text . '");';
$stmt1 = $db->prepare($sql1);
if (!$stmt1) {
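Review bot: `$sql1` is built by concatenating `$Text` into the SQL string and only then passed to `$db->prepare()`, so the statement has no placeholders and adds no injection protection of its own. Everything rests on the `real_escape_string()` call (its assignment line is cut off in this view) and on the connection charset being set correctly. Binding the value removes that dependency: `$stmt1 = $db->prepare('INSERT INTO bilder (ID, Head) VALUES (NULL, ?)');` followed by `$stmt1->bind_param('s', $_POST['Text']);`, assuming `$db` is a mysqli connection as the `real_escape_string` method suggests. The same concatenate-then-prepare pattern appears in the hunks for bilder/edit.php, gb/edit.php and gb/new.php. The `if (!$stmt1) {` block continues outside the hunk.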
diff --git a/admin/inhalte/fotos/bilder/edit.php b/admin/inhalte/fotos/bilder/edit.php
index aabef6c..b46aea2 100644
--- a/admin/inhalte/fotos/bilder/edit.php
+++ b/admin/inhalte/fotos/bilder/edit.php
@@ -15,14 +15,14 @@ if (!isset($_POST['Speichern'])) {
-
+
real_escape_string($_POST['Text']);
$sql2 = 'UPDATE bilder SET Head = "' . $Text . '" WHERE ID = "' . $_POST['id'] . '";';
$stmt2 = $db->prepare($sql2);
if (!$stmt2) {
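Review bot: `$_POST['id']` is concatenated into the WHERE clause of `$sql2` with no escaping or type check, so unlike `$Text` it reaches the UPDATE exactly as the client sent it and is an SQL injection point. Use placeholders for both values, `$stmt2 = $db->prepare('UPDATE bilder SET Head = ? WHERE ID = ?');` with `$stmt2->bind_param('si', $_POST['Text'], $id);`. If `ID` is an integer key, which the `NULL` insert in add.php hints at, validate first with `$id = filter_var($_POST['id'], FILTER_VALIDATE_INT);` and reject `false`. gb/edit.php builds its WHERE clause from `$_POST['id']` the same way. The `if (!$stmt2) {` block continues outside the hunk.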
diff --git a/admin/inhalte/gb/edit.php b/admin/inhalte/gb/edit.php
index aaa4eec..31e9872 100644
--- a/admin/inhalte/gb/edit.php
+++ b/admin/inhalte/gb/edit.php
@@ -28,8 +28,8 @@ if (!isset($_POST['Speichern'])) {
real_escape_string($_POST['Autor']);
+ $Text = $db->real_escape_string($_POST['Text']);
$Datum = $_POST['Datum'];
$sql2 = 'UPDATE gb SET Autor = "' . $Autor . '", Text = "' . $Text . '", Datum = "' . $Datum . '" WHERE ID = "' . $_POST['id'] . '";';
$stmt2 = $db->prepare($sql2);
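Review bot: `$Datum = $_POST['Datum'];` goes into the UPDATE neither escaped nor validated, while `$Autor` and `$Text` beside it are at least escaped, so a quote character in the date field breaks out of the string literal. Check the value against the date format the form is expected to send and reject anything else, then bind it: `$stmt2 = $db->prepare('UPDATE gb SET Autor = ?, Text = ?, Datum = ? WHERE ID = ?');` with a matching `bind_param('sssi', ...)`. gb/new.php places the same raw `$Datum` into its INSERT. The handling of `$stmt2` after `prepare()` lies outside the hunk.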
diff --git a/admin/inhalte/gb/new.php b/admin/inhalte/gb/new.php
index eda7154..4c5c8dd 100644
--- a/admin/inhalte/gb/new.php
+++ b/admin/inhalte/gb/new.php
@@ -24,8 +24,8 @@ if (!isset($_POST['Speichern'])) {
real_escape_string($_POST['Autor']);
+ $Text = $db->real_escape_string($_POST['Text']);
$Datum = $_POST['Datum'];
$sql1 = 'INSERT INTO gb (ID, Autor, Text, Datum) VALUES (NULL, "' . $Autor . '", "' . $Text . '", "' . $Datum . '");';
$stmt1 = $db->prepare($sql1);