root
/
threadr.lostcave.ddnss.de
3
1
Fork 1
Code Issues 18 Pull Requests Projects Releases Wiki Activity

attempted fix: §_GET["id"]

master
Jakob 2020-03-04 10:24:06 +01:00
parent 61db89465a
commit 7a4004e088
1 changed files with 1 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
threadr/boards/thread.php
View File

@ -3,13 +3,6 @@ session_start();
%NO_CHEAP_SESSION_STEALING% %NO_CHEAP_SESSION_STEALING%
%PLEAZE_NO_CACHE% %PLEAZE_NO_CACHE%
$navbar="boards"; $navbar="boards";
function _GET($par, $parType = '') {
if($parType == '') {
$parType = gettype($par);
}
$return = filter_input(INPUT_GET, $par, FILTER_SANITIZE_NUMBER_INT);
}
$id = _GET('id');
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
@ -29,7 +22,7 @@ $id = _GET('id');
$error = false; $error = false;
$error_message = ""; $error_message = "";
if (!$error) { if (!$error) {
$statement = $pdo->prepare("SELECT * FROM boards WHERE id=$id"); $statement = $pdo->prepare("SELECT * FROM boards WHERE id=$_GET["id"]");
$statement->execute(); $statement->execute();
$statement->fetchAll() as $ROW; $statement->fetchAll() as $ROW;
echo "$ROW[name]"; echo "$ROW[name]";