or die("Unable to connect to SQL server");
$ktoname = '';
- if (isset($blzkto)) {
+ if (isset($_REQUEST[blzkto])) {
$query = sprintf ("SELECT name FROM account_names WHERE blz_kto = '%s'",
- $blzkto);
+ $_REQUEST[blzkto]);
$sth = pg_exec ($dbh, $query);
if (pg_NumRows ($sth) > 0) {
$row = pg_fetch_array ($sth, 0);
$ktoname = $row['name'];
} else {
- $both = explode (":", $blzkto);
+ $both = explode (":", $_REQUEST[blzkto]);
$ktoname = sprintf ("BLZ %s, Konto %s", $both[0], $both[1]);
}
}
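Review bot: The `sprintf` call that builds `$query` places `$_REQUEST[blzkto]` inside the quoted SQL literal without escaping, so a request value containing a single quote alters the statement; switching from `$blzkto` to `$_REQUEST` keeps that behaviour rather than fixing it. Escape the value first, e.g. `pg_escape_string($_REQUEST['blzkto'])`, or pass it as a bound parameter with `pg_query_params($dbh, 'SELECT name FROM account_names WHERE blz_kto = $1', array($_REQUEST['blzkto']))` if the PHP version in use provides it. The key should also be quoted as `$_REQUEST['blzkto']` in all three added lines, since the bare word is resolved as an undefined constant. In the else branch `$both[1]` is read without checking that the value contained a `:`, and `$ktoname` then carries request data, so it presumably needs HTML escaping wherever it is printed. Both the connection setup and the use of `$ktoname` lie outside the visible lines.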