joerg/homepage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Escape texts before writing to database.

Browse Source
This commit is contained in:
Christian Steinle
2023-12-30 10:36:23 +01:00
parent 7cd0ed9f58
commit 66af0a2bb7
4 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
admin/inhalte/gb/new.php
View File

@@ -24,8 +24,8 @@ if (!isset($_POST['Speichern'])) {
<?php
} else {
if ('' != $_FILES['Foto']['name']) {
$Autor = $_POST['Autor'];
$Text = $_POST['Text'];
$Autor = $db->real_escape_string($_POST['Autor']);
$Text = $db->real_escape_string($_POST['Text']);
$Datum = $_POST['Datum'];
$sql1 = 'INSERT INTO gb (ID, Autor, Text, Datum) VALUES (NULL, "' . $Autor . '", "' . $Text . '", "' . $Datum . '");';
$stmt1 = $db->prepare($sql1);