--- MPIWGWeb/MPIWGStaff.py 2005/11/11 19:42:36 1.10.2.17 +++ MPIWGWeb/MPIWGStaff.py 2005/11/25 12:14:46 1.10.2.20 @@ -314,13 +314,13 @@ class MPIWGStaff(CatalogAware,ZSQLExtend def editCV(self,cv=None,oid=None,RESPONSE=None): """edit Cv""" - if (not cv): + if (not oid): pt=PageTemplateFile(os.path.join(package_home(globals()),'zpt','editCV.zpt')).__of__(self) return pt() - query="UPDATE personal_www SET cv ='%s' WHERE oid='%s'" - - self.ZSQLQuery(query%(cv,oid)) + query="UPDATE personal_www SET cv =%s WHERE oid='%s'" + + self.ZSQLQuery(query%(self.ZSQLQuote(cv),oid)) if RESPONSE: RESPONSE.redirect("editCV") @@ -328,14 +328,14 @@ class MPIWGStaff(CatalogAware,ZSQLExtend security.declareProtected('View management screens','editAwards') def editAwards(self,awards=None,oid=None,RESPONSE=None): """edit a awards""" - - if (not awards): + + if (not oid): pt=PageTemplateFile(os.path.join(package_home(globals()),'zpt','editAwards.zpt')).__of__(self) return pt() - query="UPDATE personal_www SET awards ='%s' WHERE oid='%s'" - - self.ZSQLQuery(query%(awards,oid)) + query="UPDATE personal_www SET awards =%s WHERE oid='%s'" + + self.ZSQLQuery(query%(self.ZSQLQuote(awards),oid)) if RESPONSE: RESPONSE.redirect("editAwards") @@ -477,7 +477,7 @@ class MPIWGStaff(CatalogAware,ZSQLExtend query="INSERT INTO %s " % "publications" query+="(id_main,id_institutsbibliographie,publish) " query+="VALUES ('%s','%s','yes')" %(sql_quote(self.getDBId()),sql_quote(bibId)) - print "ADD",query + #self.ZSQLAdd(_table="publications",id_institutsbibliographie=bibId,id_main=self.getDBId(),publish='yes') self.ZSQLQuery(query)
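Review bot: `oid` is still interpolated unescaped into `WHERE oid='%s'` in editCV, so the UPDATE remains injectable through that parameter (which appears to come from the request) even though `cv` now goes through `self.ZSQLQuote`; the editAwards hunk has the same gap. Assuming ZSQLQuote returns a complete quoted literal, as the dropped quotes around the `cv` placeholder suggest, the matching change is `query="UPDATE personal_www SET cv =%s WHERE oid=%s"` with `self.ZSQLQuery(query%(self.ZSQLQuote(cv),self.ZSQLQuote(oid)))`. Alternatively, reject any `oid` that is not an integer before building the query. Because the guard now tests `oid` instead of `cv`, a call with an `oid` but no `cv` reaches the UPDATE with `cv=None`; how ZSQLQuote handles None is not visible here, so an explicit check may be needed. Both method bodies continue outside their hunks.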