From 2327ffdf811d3f930d0bafb160bfc8ecc43e57fc Mon Sep 17 00:00:00 2001
From: OpenXE <>
Date: Fri, 14 Jun 2024 13:20:19 +0200
Subject: [PATCH] Bugfix shopimport escaping
---
 www/pages/shopimport.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/www/pages/shopimport.php b/www/pages/shopimport.php
index 0a1112d1..e093318d 100644
--- a/www/pages/shopimport.php
+++ b/www/pages/shopimport.php
@@ -1881,10 +1881,10 @@ class Shopimport {
 if($warenkorb['email']!=='amazon_import_bounce@nfxmedia.de') {
- $checkidemail = $this->app->DB->Select("SELECT kundennummer FROM adresse WHERE email='".$warenkorb['email']."' and email <> '' $adresseprojekt AND geloescht!=1 AND kundennummer <> '' LIMIT 1");
+ $checkidemail = $this->app->DB->Select("SELECT kundennummer FROM adresse WHERE email='".$this->app->DB->real_escape_string($warenkorb['email'])."' and email <> '' $adresseprojekt AND geloescht!=1 AND kundennummer <> '' LIMIT 1");
 }
 if((String)$checkidemail === ''){
- $checkidemail = $this->app->DB->Select("SELECT kundennummer FROM adresse WHERE name LIKE '" . $warenkorb['name'] . "' AND ort LIKE '" . $warenkorb['ort'] . "' AND geloescht!=1 $adresseprojekt AND kundennummer <> '' LIMIT 1");
+ $checkidemail = $this->app->DB->Select("SELECT kundennummer FROM adresse WHERE name LIKE '" . $this->app->DB->real_escape_string($warenkorb['name']) . "' AND ort LIKE '" . $this->app->DB->real_escape_string($warenkorb['ort']) . "' AND geloescht!=1 $adresseprojekt AND kundennummer <> '' LIMIT 1");
 }
 }else{
 $checkidemail = $this->app->DB->Select("SELECT kundennummer FROM adresse WHERE name='".$this->app->DB->real_escape_string($warenkorb['name'])."' AND strasse='".$this->app->DB->real_escape_string($warenkorb['strasse'])."' AND plz='".$this->app->DB->real_escape_string($warenkorb['plz'])."' AND ort='".$this->app->DB->real_escape_string($warenkorb['ort'])."' $adresseprojekt AND geloescht!=1 AND kundennummer <> '' LIMIT 1");
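Review bot: The LIKE query on the second `+` line still interprets `%` and `_` inside `$warenkorb['name']` and `$warenkorb['ort']` as wildcards, since real_escape_string only escapes quote and backslash characters, so an imported name containing `%` can match an unrelated customer record; escape the pattern characters before the SQL escaping, e.g. `$this->app->DB->real_escape_string(addcslashes($warenkorb['name'], '%_'))` and likewise for `ort`. `$adresseprojekt` is still interpolated raw in all three statements; that is only safe if it is assembled from trusted values outside the hunk, which cannot be seen here. The `Select` call appears to accept only a finished SQL string, so a parameterised query is presumably not available without touching the DB wrapper. The enclosing method of `Shopimport` starts before and continues after this hunk.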