sanitize all input against xss and fixed bug with time encoding when adding result
@@ -5,17 +5,21 @@
|
||||
$user_data = check_login($con);
|
||||
|
||||
if($_SERVER['REQUEST_METHOD'] == "POST") {
|
||||
$points = $_POST['points'];
|
||||
$minutes = $_POST['minutes'];
|
||||
$seconds = $_POST['seconds'];
|
||||
$miliseconds = $_POST['miliseconds'];
|
||||
$points = sanitize_input($_POST['points']);
|
||||
$minutes = sanitize_input($_POST['minutes']);
|
||||
$seconds = sanitize_input($_POST['seconds']);
|
||||
$miliseconds = sanitize_input($_POST['miliseconds']);
|
||||
$s_id = sanitize_input($_GET['station']);
|
||||
$m_id = sanitize_input($_POST['team']);
|
||||
|
||||
if($minutes == 0 && $seconds == 0 && $miliseconds == 0){
|
||||
$time = null;
|
||||
} else if ($miliseconds < 10) {
|
||||
$time = "00:" . $minutes . ":" . $seconds . ".0" . $miliseconds;
|
||||
} else {
|
||||
$time = "00:" . $minutes . ":" . $seconds . "." . $miliseconds;
|
||||
}
|
||||
write_points($con, $_GET['station'], $_POST['team'], $points, $time);
|
||||
write_points($con, $s_id, $m_id, $points, $time);
|
||||
header("Location: statistik.php");
|
||||
die;
|
||||
}
|
||||
@@ -33,7 +37,7 @@
|
||||
<div id="team-div" class="dropdown">
|
||||
<label for="team">Mannschaft</label>
|
||||
<select name="team" id="team">
|
||||
<?php load_teams_no_points($con, $_GET['station'])?>
|
||||
<?php load_teams_no_points($con, sanitize_input($_GET['station']))?>
|
||||
</select>
|
||||
</div>
|
||||
<div class="number_field">
|
||||
|
||||
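Review bot: The request values in the first hunk are passed through `sanitize_input()` but never validated as numbers, so `$minutes == 0`, `$miliseconds < 10` and the concatenated `$time` still operate on arbitrary strings, and an empty or non-numeric field can end up in a malformed time value handed to `write_points()`. Escaping for HTML at input time is also the wrong layer for these fields: XSS is prevented by encoding where the value is rendered, and it does nothing for the database call, which should bind parameters; the bodies of `sanitize_input()`, `write_points()` and `load_teams_no_points()` are outside the hunks, so that cannot be confirmed here. I would validate each field as an integer with a range, reject the request when any check fails, and build the time with `sprintf`, as sketched below; the bounds and the assumption that station and team are numeric ids need confirming. The same applies to `sanitize_input($_GET['station'])` in the second hunk, which should reuse one validated station id.

```php
if($_SERVER['REQUEST_METHOD'] == "POST") {
    // Bounds are assumptions; adjust to the real scoring rules.
    $nonNegative = ['options' => ['min_range' => 0]];
    $upTo59      = ['options' => ['min_range' => 0, 'max_range' => 59]];
    $upTo99      = ['options' => ['min_range' => 0, 'max_range' => 99]];

    $points      = filter_input(INPUT_POST, 'points', FILTER_VALIDATE_INT, $nonNegative);
    $minutes     = filter_input(INPUT_POST, 'minutes', FILTER_VALIDATE_INT, $upTo59);
    $seconds     = filter_input(INPUT_POST, 'seconds', FILTER_VALIDATE_INT, $upTo59);
    $miliseconds = filter_input(INPUT_POST, 'miliseconds', FILTER_VALIDATE_INT, $upTo99);
    $s_id        = filter_input(INPUT_GET, 'station', FILTER_VALIDATE_INT, $nonNegative);
    $m_id        = filter_input(INPUT_POST, 'team', FILTER_VALIDATE_INT, $nonNegative);

    // filter_input() returns null for a missing field and false for a failed check.
    foreach ([$points, $minutes, $seconds, $miliseconds, $s_id, $m_id] as $value) {
        if ($value === null || $value === false) {
            http_response_code(400);
            die;
        }
    }

    $time = ($minutes === 0 && $seconds === 0 && $miliseconds === 0)
        ? null
        : sprintf('00:%02d:%02d.%02d', $minutes, $seconds, $miliseconds);
    // … unchanged: write_points() call, redirect, die …
```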