sanitize all input against xss and fixed bug with time encoding when adding result
@@ -5,18 +5,22 @@
|
||||
$user_data = check_admin($con);
|
||||
|
||||
if($_SERVER['REQUEST_METHOD'] == "GET") {
|
||||
$row = get_team($con, $_GET['m_id'])->fetch();
|
||||
$m_id = $_GET['m_id'];
|
||||
$row = get_team($con, $m_id)->fetch();
|
||||
}
|
||||
|
||||
if($_SERVER['REQUEST_METHOD'] == "POST") {
|
||||
$row = get_team($con, $_POST['m_id'])->fetch();
|
||||
$m_id = sanitize_input($_POST['m_id']);
|
||||
$team_name = sanitize_input($_POST['team_name']);
|
||||
$fire_department = sanitize_input($_POST['fire_department']);
|
||||
$row = get_team($con, $m_id)->fetch();
|
||||
|
||||
if($_POST['team_name'] != $row['name']) {
|
||||
update_team_name($con, $_POST['m_id'], $_POST['team_name']);
|
||||
update_team_name($con, $m_id, $team_name);
|
||||
}
|
||||
|
||||
if($_POST['fire_department'] != $row['feuerwehr']) {
|
||||
update_team_fire_department($con, $_POST['m_id'], $_POST['fire_department']);
|
||||
update_team_fire_department($con, $m_id, $fire_department);
|
||||
}
|
||||
|
||||
header("Location: mannschaft.php");
|
||||
|
||||
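Review bot: In the GET branch `$m_id = $_GET['m_id'];` is assigned raw, while the POST branch passes the same parameter through `sanitize_input()`, so this path is not covered by the commit's stated goal; if `$m_id` is later written into the page (not visible in this hunk) it is still an unescaped value. Because the parameter looks like a numeric id, validating it is stronger than escaping it, for example `$m_id = filter_input(INPUT_GET, 'm_id', FILTER_VALIDATE_INT);` with a rejection when the result is `false` or `null`, and the equivalent with `INPUT_POST` in the other branch. The two comparisons still read the raw `$_POST['team_name']` and `$_POST['fire_department']` although the sanitized copies are what gets written, so any value that `sanitize_input()` alters will presumably never compare equal to the stored one; `if($team_name != $row['name']) {` and `if($fire_department != $row['feuerwehr']) {` keep check and write consistent. `get_team(...)->fetch()` is also used without checking for a missing row before `$row['name']` is read. The old/new side of each line is inferred here, since the rendered page has lost its `+`/`-` markers.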