--- MPIWGWeb/MPIWGStaff.py 2005/11/22 17:58:27 1.10.2.18 +++ MPIWGWeb/MPIWGStaff.py 2005/11/25 12:14:46 1.10.2.20 @@ -314,13 +314,13 @@ class MPIWGStaff(CatalogAware,ZSQLExtend def editCV(self,cv=None,oid=None,RESPONSE=None): """edit Cv""" - if (not cv): + if (not oid): pt=PageTemplateFile(os.path.join(package_home(globals()),'zpt','editCV.zpt')).__of__(self) return pt() - query="UPDATE personal_www SET cv ='%s' WHERE oid='%s'" - - self.ZSQLQuery(query%(cv,oid)) + query="UPDATE personal_www SET cv =%s WHERE oid='%s'" + + self.ZSQLQuery(query%(self.ZSQLQuote(cv),oid)) if RESPONSE: RESPONSE.redirect("editCV") @@ -328,14 +328,14 @@ class MPIWGStaff(CatalogAware,ZSQLExtend security.declareProtected('View management screens','editAwards') def editAwards(self,awards=None,oid=None,RESPONSE=None): """edit a awards""" - - if (not awards): + + if (not oid): pt=PageTemplateFile(os.path.join(package_home(globals()),'zpt','editAwards.zpt')).__of__(self) return pt() - query="UPDATE personal_www SET awards ='%s' WHERE oid='%s'" - - self.ZSQLQuery(query%(awards,oid)) + query="UPDATE personal_www SET awards =%s WHERE oid='%s'" + + self.ZSQLQuery(query%(self.ZSQLQuote(awards),oid)) if RESPONSE: RESPONSE.redirect("editAwards")
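Review bot: In editCV, `oid` is still interpolated raw into `WHERE oid='%s'`, so only `cv` gains the protection of `ZSQLQuote`. The `oid` argument is presumably request-supplied, and a quote character in it still changes the statement. The editAwards hunk has the same gap. Pass it through the same helper, e.g. `query="UPDATE personal_www SET cv =%s WHERE oid=%s"` with `self.ZSQLQuery(query%(self.ZSQLQuote(cv),self.ZSQLQuote(oid)))`, or reject a non-numeric `oid` before the query is built. Separately, the guard now tests `oid` rather than `cv`, so a call with `oid` set and `cv` omitted reaches `self.ZSQLQuote(None)`; what that writes to the column is not visible in this diff, so an explicit `cv is None` check before the UPDATE is worth adding in both methods.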