From f695c98fc32414198e4cfba6447d6bc5ab8f711d Mon Sep 17 00:00:00 2001
From: Walter Hupfeld <Walter.Hupfeld@gmx.de>
Date: Thu, 22 Feb 2024 12:01:59 +0100
Subject: [PATCH] fix

---
 index.php | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/index.php b/index.php
index a96a018..d1231f2 100644
--- a/index.php
+++ b/index.php
@@ -18,8 +18,8 @@
     else {
         header("Location: start.php");
     }
-    
-    require("config.php"); 
+    require("config.php");
+    if ($strDistict=="unkown")  { header("Location: start.php");} 
     require_once("lib/functions.php");
 
     $ref=(isset($_GET['ref']) && ($_GET['ref']==1));
@@ -28,16 +28,16 @@
     $strIntro .= nl2br2($strIntroText);
 
 
-    $strSQL="SELECT loc.*,f.filename 
-             FROM location loc LEFT JOIN  files f ON loc.id=f.loc_id
-             WHERE loc.district='$strDistrict'"; 
-
+    $result= $db->prepare("SELECT loc.*,f.filename  
+                            FROM location loc LEFT JOIN  files f ON loc.id=f.loc_id
+                            WHERE loc.district=:district");             
+    $result->bindParam(":district",$strDistrict);
+    $result->execute(); 
     /* Für die Auswertung nur bestimmte Kategorien anzeigen
     $numDefect="(6,8,21)";
     $strSQL="SELECT loc.*,f.filename FROM location loc LEFT JOIN  files f ON loc.id=f.loc_id WHERE defect  in ".$numDefect;
     */
         
-    $result = $db->query($strSQL);
     $arrMarker = array();
     $arrDescription = array();
     $id=0;