diff --git a/content/InstallationsanleitungFASonline.html b/content/InstallationsanleitungFASonline.html
index 6022098e5..ae650cd23 100644
--- a/content/InstallationsanleitungFASonline.html
+++ b/content/InstallationsanleitungFASonline.html
@@ -11,8 +11,9 @@ FASonline und Tempus</h1>
     <h2>Download von Seamonkey</h2>
 Seamonkey wird bevorzugt, die Software l&auml;uft aber auch unter
 MozillaSuite oder FireFox. Prinzipiell gen&uuml;gt ein XUL-Runner. <br>
+Empfohlen wird Seamonkey 1.1.18. (Derzeit kann es zu Problemen bei Seamonkey ab Version 2.0 und Firefox ab Version 3.0 kommen!!)
 Aktuelle Quellen sind auf <a
- href="http://download.mozilla.org/?product=seamonkey-1.1.3&amp;os=win&amp;lang=en-US">www.mozilla.org</a>
+ href="http://www.seamonkey-project.org/releases/1.1.18">http://www.seamonkey-project.org/releases/1.1.18</a>
 zu finden.<br>
 Installation immer mit weiter best&auml;tigen. Standardpfad sollte
 unter Windows <strong>c:\programme\mozilla.org\seamonkey\</strong>
diff --git a/content/fasDBDML.php b/content/fasDBDML.php
index 13d8d278f..89fea9792 100644
--- a/content/fasDBDML.php
+++ b/content/fasDBDML.php
@@ -109,24 +109,33 @@ if(!$error)
 			//Wenn die Nation Oesterreich ist, dann muss die Gemeinde in der Tabelle Gemeinde vorkommen
 			if($_POST['nation']=='A')
 			{
-				$qry = "SELECT * FROM bis.tbl_gemeinde WHERE lower(name)=lower('".addslashes($_POST['gemeinde'])."') AND plz='".addslashes($_POST['plz'])."'";
-				if($db->db_query($qry))
+				if(is_numeric($_POST['plz']) && $_POST['plz']<32000)
 				{
-					if($row = $db->db_fetch_object())
+					$qry = "SELECT * FROM bis.tbl_gemeinde WHERE lower(name)=lower('".addslashes($_POST['gemeinde'])."') AND plz='".addslashes($_POST['plz'])."'";
+					if($db->db_query($qry))
 					{
-						$adresse->gemeinde = $row->name;	
+						if($row = $db->db_fetch_object())
+						{
+							$adresse->gemeinde = $row->name;	
+						}
+						else
+						{
+							$error = true;
+							$errormsg = 'Gemeinde ist ungueltig';
+							$return = false;
+						}
 					}
 					else
 					{
 						$error = true;
-						$errormsg = 'Gemeinde ist ungueltig';
+						$errormsg = 'Fehler beim Ermitteln der Gemeinde';
 						$return = false;
 					}
 				}
-				else
+				else 
 				{
 					$error = true;
-					$errormsg = 'Fehler beim Ermitteln der Gemeinde';
+					$errormsg = 'Postleitzahl ist fuer diese Nation ungueltig';
 					$return = false;
 				}
 			}
diff --git a/content/fasoverlay.js.php b/content/fasoverlay.js.php
index 08f8cd00d..67dbd7acd 100644
--- a/content/fasoverlay.js.php
+++ b/content/fasoverlay.js.php
@@ -1284,7 +1284,7 @@ function OpenManual()
 // ****
 function OpenToDoDialog()
 {
-	window.open('<?php echo APP_ROOT ?>content/ToDo_FASo.html','ToDo','height=600,width=600,left=150,top=150,hotkeys=0,resizable=yes,status=no,scrollbars=yes,toolbar=no,location=no,menubar=no,dependent=yes');
+	window.open('http://fhcomplete.technikum-wien.at/mantis/login.php?username=anonymous&return=%2Fmantis%2Froadmap_page.php%3F','ToDo','height=600,width=800,left=150,top=150,hotkeys=0,resizable=yes,status=yes,scrollbars=yes,toolbar=yes,location=yes,menubar=yes,dependent=yes');
 }
 
 // ****
diff --git a/content/statistik/oeh_beitraege.xls.php b/content/statistik/oeh_beitraege.xls.php
index c6fc45b77..0c3cc74e7 100644
--- a/content/statistik/oeh_beitraege.xls.php
+++ b/content/statistik/oeh_beitraege.xls.php
@@ -130,7 +130,7 @@ if($studiensemester_kurzbz!='')
 	$maxlength[$spalte]=9;
 	
 		
-	// Daten holen - Alle Personen mit akt. Status Student, Diplomand oder Praktikant (auch wenn im gleichen Semester Absolvent oder Abbrecher)
+	// Daten holen - Alle Personen mit akt. Status Student, Diplomand oder Praktikant
 	$qry="SELECT DISTINCT ON (matrikelnr) matrikelnr AS personenkennzahl, tbl_student.studiengang_kz, geschlecht, vorname, nachname, gebdatum AS geburtsdatum, 
 		geburtsnation AS nation, titelpre, uid || '@technikum-wien.at' AS email, 
 		(SELECT kontakt FROM public.tbl_kontakt WHERE person_id=public.tbl_person.person_id and (kontakttyp='mobil' OR kontakttyp='telefon') LIMIT 1) AS telefon, 
@@ -143,13 +143,15 @@ if($studiensemester_kurzbz!='')
 		(SELECT ort FROM public.tbl_adresse WHERE person_id=public.tbl_person.person_id ORDER BY heimatadresse desc LIMIT 1) AS w_ort, 
 		(SELECT strasse FROM public.tbl_adresse WHERE person_id=public.tbl_person.person_id ORDER BY heimatadresse desc LIMIT 1) AS w_strasse, 
 		titelpost 
-		FROM tbl_person 
-		JOIN tbl_benutzer using(person_id) 
-		JOIN tbl_student on(uid=student_uid)
-		JOIN tbl_prestudentstatus on(tbl_prestudentstatus.prestudent_id=tbl_student.prestudent_id)
+		FROM public.tbl_person 
+		JOIN public.tbl_benutzer using(person_id) 
+		JOIN public.tbl_student on(uid=student_uid)
+		JOIN public.tbl_prestudent using(prestudent_id)
+		JOIN public.tbl_prestudentstatus on(tbl_prestudentstatus.prestudent_id=tbl_student.prestudent_id)
 		WHERE tbl_prestudentstatus.studiensemester_kurzbz='".addslashes($studiensemester_kurzbz)."' 
-		AND (status_kurzbz='Student' OR status_kurzbz='Diplomand' OR status_kurzbz='Praktikant')
-		AND studiengang_kz<999 ";
+		AND get_rolle_prestudent(tbl_prestudent.prestudent_id, '".addslashes($studiensemester_kurzbz)."') in('Student','Diplomand','Praktikant')
+		AND tbl_student.studiengang_kz<999 AND tbl_prestudent.bismelden=true";
+	// AND tbl_benutzer.aktiv=true
 
 	if($result = $db->db_query($qry))
 	{
@@ -289,7 +291,7 @@ if($studiensemester_kurzbz!='')
 	$worksheet2->write($zeile,++$spalte,'Titelpost',$format_bold);
 	$maxlength[$spalte]=9;
 	
-	// Daten holen - Alle Personen mit akt. Status Student, Diplomand oder Praktikant (auch wenn im gleichen Semester Absolvent oder Abbrecher), die bezahlt haben
+	// Daten holen - Alle Personen mit akt. Status Student, Diplomand oder Praktikant, die bezahlt haben
 	$qry="SELECT DISTINCT ON (matrikelnr) matrikelnr AS personenkennzahl, tbl_student.studiengang_kz, geschlecht, vorname, nachname, gebdatum AS geburtsdatum, 
 	geburtsnation AS nation, titelpre, uid || '@technikum-wien.at' AS email, 
 	(SELECT kontakt FROM public.tbl_kontakt WHERE person_id=public.tbl_person.person_id and (kontakttyp='mobil' OR kontakttyp='telefon') LIMIT 1) AS telefon, 
@@ -302,17 +304,20 @@ if($studiensemester_kurzbz!='')
 	(SELECT ort FROM public.tbl_adresse WHERE person_id=public.tbl_person.person_id ORDER BY heimatadresse desc LIMIT 1) AS w_ort, 
 	(SELECT strasse FROM public.tbl_adresse WHERE person_id=public.tbl_person.person_id ORDER BY heimatadresse desc LIMIT 1) AS w_strasse, 
 	titelpost 
-	FROM tbl_person 
-	JOIN tbl_konto as ka using(person_id) 
-	JOIN tbl_konto as kb using(person_id) 
-	JOIN tbl_benutzer using(person_id) 
-	JOIN tbl_student on(uid=student_uid)
-	JOIN tbl_prestudentstatus on(tbl_prestudentstatus.prestudent_id=tbl_student.prestudent_id)
-	WHERE tbl_prestudentstatus.studiensemester_kurzbz='".addslashes($studiensemester_kurzbz)."' AND (status_kurzbz='Student' OR status_kurzbz='Diplomand' OR status_kurzbz='Praktikant')
+	FROM public.tbl_person 
+	JOIN public.tbl_konto as ka using(person_id) 
+	JOIN public.tbl_konto as kb using(person_id) 
+	JOIN public.tbl_benutzer using(person_id) 
+	JOIN public.tbl_student on(uid=student_uid)
+	JOIN public.tbl_prestudent using(prestudent_id)
+	JOIN public.tbl_prestudentstatus on(tbl_prestudentstatus.prestudent_id=tbl_student.prestudent_id)
+	WHERE tbl_prestudentstatus.studiensemester_kurzbz='".addslashes($studiensemester_kurzbz)."' 
+	AND get_rolle_prestudent(tbl_prestudent.prestudent_id, '".addslashes($studiensemester_kurzbz)."') in('Student','Diplomand','Praktikant')
 	AND tbl_student.studiengang_kz<999 AND
 	ka.studiensemester_kurzbz='".addslashes($studiensemester_kurzbz)."' AND ka.buchungstyp_kurzbz='OEH' AND tbl_student.studiengang_kz=ka.studiengang_kz 
 	AND kb.studiensemester_kurzbz='".addslashes($studiensemester_kurzbz)."' AND kb.buchungstyp_kurzbz='OEH' AND tbl_student.studiengang_kz=kb.studiengang_kz 
-	AND kb.buchungsnr_verweis=ka.buchungsnr ";
+	AND kb.buchungsnr_verweis=ka.buchungsnr";
+	//AND tbl_benutzer.aktiv=true
 
 	if($result = $db->db_query($qry))
 	{
diff --git a/include/functions.inc.php b/include/functions.inc.php
index 0110d6cd1..e939b0c3e 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -408,4 +408,38 @@ function intersect($str1, $str2)
 	
 	return $intersect;
 }
+
+function convertProblemChars($str)
+{
+	$enc = 'UTF-8';
+	
+	$acentos = array(
+   'A' => '/&Agrave;|&Aacute;|&Acirc;|&Atilde;|&Aring;/',
+   'Ae' => '/&Auml;/',
+   'a' => '/&agrave;|&aacute;|&acirc;|&atilde;|&aring;/',
+   'ae'=> '/&auml;/',
+   'C' => '/&Ccedil;/',
+   'c' => '/&ccedil;/',
+   'E' => '/&Egrave;|&Eacute;|&Ecirc;|&Euml;/',
+   'e' => '/&egrave;|&eacute;|&ecirc;|&euml;/',
+   'I' => '/&Igrave;|&Iacute;|&Icirc;|&Iuml;/',
+   'i' => '/&igrave;|&iacute;|&icirc;|&iuml;/',
+   'N' => '/&Ntilde;/',
+   'n' => '/&ntilde;/',
+   'O' => '/&Ograve;|&Oacute;|&Ocirc;|&Otilde;/',
+   'Oe' => '/&Ouml/',
+   'o' => '/&ograve;|&oacute;|&ocirc;|&otilde;/',
+   'oe' => '/&ouml/',
+   'U' => '/&Ugrave;|&Uacute;|&Ucirc;/',
+   'Ue' => '/&Uuml/',
+   'u' => '/&ugrave;|&uacute;|&ucirc;/',
+   'ue' => '/&uuml/',
+   'Y' => '/&Yacute;/',
+   'y' => '/&yacute;|&yuml;/',
+   'a.' => '/&ordf;/',
+   'o.' => '/&ordm;/'
+	);
+
+	return preg_replace($acentos, array_keys($acentos), htmlentities($str,ENT_NOQUOTES, $enc));     
+}
 ?>
diff --git a/include/prestudent.class.php b/include/prestudent.class.php
index 88d83b289..dc63ec3b3 100644
--- a/include/prestudent.class.php
+++ b/include/prestudent.class.php
@@ -523,7 +523,7 @@ class prestudent extends person
 				break;
 			case "prestudent":
 				if($studiensemester_kurzbz=='' || is_null($studiensemester_kurzbz))
-					$qry = "SELECT *, '' as status_kurzbz, '' as studiensemester_kurzbz, '' as ausbildungssemester, '' as datum FROM public.tbl_prestudent prestudent, public.tbl_person WHERE NOT EXISTS (select * from tbl_prestudentstatus WHERE prestudent_id=prestudent.prestudent_id) AND studiengang_kz='".addslashes($studiengang_kz)."' AND prestudent.person_id=tbl_person.person_id";
+					$qry = "SELECT *, '' as status_kurzbz, '' as studiensemester_kurzbz, '' as ausbildungssemester, '' as datum, tbl_person.anmerkung as anmerkungen, '' as orgform_kurzbz FROM public.tbl_prestudent prestudent, public.tbl_person WHERE NOT EXISTS (select * from tbl_prestudentstatus WHERE prestudent_id=prestudent.prestudent_id) AND studiengang_kz='".addslashes($studiengang_kz)."' AND prestudent.person_id=tbl_person.person_id";
 				else 
 					$qry .= " AND a.rolle IN('Interessent', 'Bewerber', 'Aufgenommener', 'Wartender', 'Abgewiesener')";
 				break;
diff --git a/rdf/abschlusspruefung.rdf.php b/rdf/abschlusspruefung.rdf.php
index ec145a7a0..953eb1087 100644
--- a/rdf/abschlusspruefung.rdf.php
+++ b/rdf/abschlusspruefung.rdf.php
@@ -176,7 +176,7 @@ if($db->db_query($qry))
 		<pruefer2_nachname><![CDATA['.$pruefer2.']]></pruefer2_nachname>
 		<pruefer3><![CDATA['.$row->pruefer3.']]></pruefer3>
 		<pruefer3_nachname><![CDATA['.$pruefer3.']]></pruefer3_nachname>
-		<abschlussbeurteilung_kurzbz><![CDATA['.$abschlussbeurteilung_arr[$row->abschlussbeurteilung_kurzbz].']]></abschlussbeurteilung_kurzbz>
+		<abschlussbeurteilung_kurzbz><![CDATA['.($row->abschlussbeurteilung_kurzbz!=''?$abschlussbeurteilung_arr[$row->abschlussbeurteilung_kurzbz]:'').']]></abschlussbeurteilung_kurzbz>
 		<akadgrad_id><![CDATA['.$row->akadgrad_id.']]></akadgrad_id>
 		<datum><![CDATA['.$datum_obj->convertISODate($row->datum).']]></datum>
 		<datum_iso><![CDATA['.$row->datum.']]></datum_iso>
diff --git a/rdf/diplomasupplement.xml.php b/rdf/diplomasupplement.xml.php
index ee8886c94..478ee2623 100644
--- a/rdf/diplomasupplement.xml.php
+++ b/rdf/diplomasupplement.xml.php
@@ -143,6 +143,7 @@ if (isset($_REQUEST["xmlformat"]) && $_REQUEST["xmlformat"] == "xml")
 			
 		}
 		
+		$akadgrad_id='';
 		$qry = "SELECT bezeichnung, akadgrad_id FROM lehre.tbl_abschlusspruefung JOIN lehre.tbl_abschlussbeurteilung USING(abschlussbeurteilung_kurzbz) WHERE student_uid='".$uid_arr[$i]."' ORDER BY datum DESC LIMIT 1";
 		if($db->db_query($qry))
 		{
@@ -152,16 +153,19 @@ if (isset($_REQUEST["xmlformat"]) && $_REQUEST["xmlformat"] == "xml")
 				$akadgrad_id = $row1->akadgrad_id;
 			}
 		}
-		
+				
 		$qry = "SELECT * FROM lehre.tbl_akadgrad WHERE akadgrad_id='$akadgrad_id'";
 		$titel = '';
 		$titel_kurzbz = '';
-		if($db->db_query($qry))
+		if($akadgrad_id!='')
 		{
-			if($row_titel = $db->db_fetch_object())
+			if($db->db_query($qry))
 			{
-				$titel = $row_titel->titel;
-				$titel_kurzbz = $row_titel->akadgrad_kurzbz;
+				if($row_titel = $db->db_fetch_object())
+				{
+					$titel = $row_titel->titel;
+					$titel_kurzbz = $row_titel->akadgrad_kurzbz;
+				}
 			}
 		}
 		echo '		<titel>'.$titel.'</titel>';
diff --git a/rdf/gemeinde.rdf.php b/rdf/gemeinde.rdf.php
index 82844429b..d8d8bf57e 100644
--- a/rdf/gemeinde.rdf.php
+++ b/rdf/gemeinde.rdf.php
@@ -51,15 +51,29 @@ echo '
 
    <RDF:Seq about="'.$rdf_url.'/liste">
 ';
+$qry='';
 if($gemeinde=='')
-	$qry = "SELECT distinct on (name) * FROM bis.tbl_gemeinde WHERE plz='".addslashes($plz)."' ORDER BY name";
+{
+	if(is_numeric($plz) && $plz<32000) //smallint
+	{
+		$qry = "SELECT distinct on (name) * FROM bis.tbl_gemeinde WHERE plz='".addslashes($plz)."' ORDER BY name";
+	}
+}
 else 
-	$qry = "SELECT * FROM bis.tbl_gemeinde WHERE plz='".addslashes($plz)."' AND name='".addslashes($gemeinde)."' ORDER BY name";
+{
+	$qry = "SELECT * FROM bis.tbl_gemeinde WHERE ";
+	if(is_numeric($plz) && $plz<32000) //smallint
+	{
+		$qry.="plz='".addslashes($plz)."' AND ";
+	}
+	$qry.="name='".addslashes($gemeinde)."' ORDER BY name";
+}
 $db = new basis_db();
 
-if($db->db_query($qry))
+
+if($qry!='' && $result = $db->db_query($qry))
 {
-	while($row = $db->db_fetch_object())
+	while($row = $db->db_fetch_object($result))
 	{
 		
 		echo '
diff --git a/vilesci/admin/fasinstall.html b/vilesci/admin/fasinstall.html
index 9649da4fa..3a198ebf9 100644
--- a/vilesci/admin/fasinstall.html
+++ b/vilesci/admin/fasinstall.html
@@ -8,7 +8,7 @@
 <body>
 <h2>Links für die FAS-Installation</h2>
 <a href="../../content/InstallationsanleitungFASonline.html">Installationsanleitung</a><br><br>
-<a href="http://www.seamonkey-project.org/">Seamonkey Download</a><br>
+<a href="http://www.seamonkey-project.org/releases/1.1.18">Seamonkey Download (Version 1.1.18)</a><br>
 <a href="XPI/orbit-1.8f5-MiK.xpi">Orbit 3+1 Theme</a><br>
 <br>
 <h3>Images:</h3>
diff --git a/vilesci/personen/import/interessentenimport.php b/vilesci/personen/import/interessentenimport.php
index 19a161f19..e11840a1a 100644
--- a/vilesci/personen/import/interessentenimport.php
+++ b/vilesci/personen/import/interessentenimport.php
@@ -51,7 +51,7 @@ function getGemeindeDropDown($postleitzahl)
 	$gemeinde_x = (isset($_REQUEST['gemeinde'])?$_REQUEST['gemeinde']:'');
 
 	echo '<SELECT id="gemeinde" name="gemeinde" onchange="loadOrtData()">';
-	if($postleitzahl<10000)
+	if(is_numeric($postleitzahl) && $postleitzahl<10000)
 	{
 		$qry = "SELECT distinct name FROM bis.tbl_gemeinde WHERE plz='".addslashes($postleitzahl)."'";
 		
@@ -99,7 +99,7 @@ function getOrtDropDown($postleitzahl, $gemeindename)
 	
 	echo '<SELECT id="ort" name="ort">';
 	
-	if($postleitzahl< 10000)
+	if(is_numeric($postleitzahl) && $postleitzahl<10000)
 	{
 		$ort = (isset($_REQUEST['ort'])?$_REQUEST['ort']:'');
 		$qry = "SELECT distinct ortschaftsname FROM bis.tbl_gemeinde 
diff --git a/vilesci/personen/import/mitarbeiterimport.php b/vilesci/personen/import/mitarbeiterimport.php
index 10a3b645f..ac0eeeef8 100644
--- a/vilesci/personen/import/mitarbeiterimport.php
+++ b/vilesci/personen/import/mitarbeiterimport.php
@@ -38,31 +38,6 @@ $datum_obj = new datum();
 
 loadVariables($user);
 
-// Clean stuff from a string
- function clean_string($string)
- {
- 	$trans = array("ä" => "ae",
- 				   "Ä" => "Ae",
- 				   "ö" => "oe",
- 				   "Ö" => "Oe",
- 				   "ü" => "ue",
- 				   "Ü" => "Ue",
- 				   "á" => "a",
- 				   "à" => "a",
- 				   "é" => "e",
- 				   "è" => "e",
- 				   "ó" => "o",
- 				   "ò" => "o",
- 				   "ì" => "i",
- 				   "í" => "i",
- 				   "ú" => "u",
- 				   "ù" => "u",
- 				   "ß" => "ss");
-	$string = strtr($string, $trans);
-    return ereg_replace("[^a-zA-Z0-9]", "", $string);
-    //[:space:]
- }
-
 function getGemeindeDropDown($postleitzahl)
 {
 	global $_REQUEST, $gemeinde;
@@ -73,23 +48,26 @@ function getGemeindeDropDown($postleitzahl)
 	$gemeinde_x = (isset($_REQUEST['gemeinde'])?$_REQUEST['gemeinde']:'');
 	$qry = "SELECT distinct name FROM bis.tbl_gemeinde WHERE plz='".addslashes($postleitzahl)."'";
 	echo '<SELECT id="gemeinde" name="gemeinde" onchange="loadOrtData()">';
-	if($db->db_query($qry))
+	if(is_numeric($postleitzahl) && $postleitzahl<10000)
 	{
-		while($row = $db->db_fetch_object())
+		if($db->db_query($qry))
 		{
-			if($firstentry=='')
-				$firstentry=$row->name;
-			if($gemeinde_x=='')
-				$gemeinde_x=$row->name;
-			
-			if($row->name==$gemeinde_x)
+			while($row = $db->db_fetch_object())
 			{
-				$selected='selected';
-				$found=true;
+				if($firstentry=='')
+					$firstentry=$row->name;
+				if($gemeinde_x=='')
+					$gemeinde_x=$row->name;
+				
+				if($row->name==$gemeinde_x)
+				{
+					$selected='selected';
+					$found=true;
+				}
+				else
+					$selected='';
+				echo "<option value='$row->name' $selected>$row->name</option>";
 			}
-			else
-				$selected='';
-			echo "<option value='$row->name' $selected>$row->name</option>";
 		}
 	}
 	
@@ -118,18 +96,20 @@ function getOrtDropDown($postleitzahl, $gemeindename)
 	$qry = "SELECT distinct ortschaftsname FROM bis.tbl_gemeinde 
 			WHERE plz='".addslashes($postleitzahl)."' AND name='".addslashes($gemeindename)."'";
 	echo '<SELECT id="ort" name="ort">';
-	if($db->db_query($qry))
+	if(is_numeric($postleitzahl) && $postleitzahl<10000)
 	{
-		while($row = $db->db_fetch_object())
+		if($db->db_query($qry))
 		{
-			if($row->ortschaftsname==$ort)
-				$selected='selected';
-			else 
-				$selected='';
-			echo "<option value='$row->ortschaftsname' $selected>$row->ortschaftsname</option>";
+			while($row = $db->db_fetch_object())
+			{
+				if($row->ortschaftsname==$ort)
+					$selected='selected';
+				else 
+					$selected='';
+				echo "<option value='$row->ortschaftsname' $selected>$row->ortschaftsname</option>";
+			}
 		}
-	}
-	
+	}	
 	echo '</SELECT>';
 }
 if(isset($_GET['type']) && $_GET['type']=='getortcontent' && isset($_GET['plz']) && isset($_GET['gemeinde']))
@@ -424,8 +404,8 @@ if(isset($_POST['save']))
 	//UID generieren
 	if(!$error)
 	{		
-		$nachname_clean = mb_strtolower(clean_string($nachname));
-		$vorname_clean = mb_strtolower(clean_string($vorname));
+		$nachname_clean = mb_strtolower(convertProblemChars($nachname));
+		$vorname_clean = mb_strtolower(convertProblemChars($vorname));
 		$uid='';
 		
 		$uid = generateMitarbeiterUID($vorname_clean, $nachname_clean, $lektor);
@@ -444,8 +424,8 @@ if(isset($_POST['save']))
 	{
 		$kurzbz='';
  		$mitarbeiter = new mitarbeiter();
- 		$nachname_clean = clean_string($nachname);
- 		$vorname_clean = clean_string($vorname);
+ 		$nachname_clean = convertProblemChars($nachname);
+ 		$vorname_clean = convertProblemChars($vorname);
  		for($nn=6,$vn=2;$nn!=0;$nn--,$vn++)
  		{
  			$kurzbz = mb_substr($nachname_clean,0,$nn);
@@ -466,8 +446,8 @@ if(isset($_POST['save']))
 	//Alias generieren
 	if(!$error)
 	{
-		$nachname_clean = mb_strtolower(clean_string($nachname));
-		$vorname_clean = mb_strtolower(clean_string($vorname));
+		$nachname_clean = mb_strtolower(convertProblemChars($nachname));
+		$vorname_clean = mb_strtolower(convertProblemChars($vorname));
 		$bn = new benutzer();
 		
 		if(!$bn->alias_exists($vorname_clean.'.'.$nachname_clean))
diff --git a/vilesci/personen/preinteressent_anlegen.php b/vilesci/personen/preinteressent_anlegen.php
index 64c31268b..dd015a6b6 100644
--- a/vilesci/personen/preinteressent_anlegen.php
+++ b/vilesci/personen/preinteressent_anlegen.php
@@ -49,23 +49,26 @@ function getGemeindeDropDown($postleitzahl)
 	$gemeinde_x = (isset($_REQUEST['gemeinde'])?$_REQUEST['gemeinde']:'');
 	$qry = "SELECT distinct name FROM bis.tbl_gemeinde WHERE plz='".addslashes($postleitzahl)."'";
 	echo '<SELECT id="gemeinde" name="gemeinde" onchange="loadOrtData()">';
-	if($result = $db->db_query($qry))
+	if(is_numeric($postleitzahl) && $postleitzahl<10000)
 	{
-		while($row = $db->db_fetch_object($result))
+		if($result = $db->db_query($qry))
 		{
-			if($firstentry=='')
-				$firstentry=$row->name;
-			if($gemeinde_x=='')
-				$gemeinde_x=$row->name;
-			
-			if($row->name==$gemeinde_x)
+			while($row = $db->db_fetch_object($result))
 			{
-				$selected='selected';
-				$found=true;
+				if($firstentry=='')
+					$firstentry=$row->name;
+				if($gemeinde_x=='')
+					$gemeinde_x=$row->name;
+				
+				if($row->name==$gemeinde_x)
+				{
+					$selected='selected';
+					$found=true;
+				}
+				else
+					$selected='';
+				echo "<option value='$row->name' $selected>$row->name</option>";
 			}
-			else
-				$selected='';
-			echo "<option value='$row->name' $selected>$row->name</option>";
 		}
 	}
 	
@@ -92,15 +95,18 @@ function getOrtDropDown($postleitzahl, $gemeindename)
 	$qry = "SELECT distinct ortschaftsname FROM bis.tbl_gemeinde 
 			WHERE plz='".addslashes($postleitzahl)."' AND name='".addslashes($gemeindename)."'";
 	echo '<SELECT id="ort" name="ort">';
-	if($result = $db->db_query($qry))
+	if(is_numeric($postleitzahl) && $postleitzahl<10000)
 	{
-		while($row = $db->db_fetch_object($result))
+		if($result = $db->db_query($qry))
 		{
-			if($row->ortschaftsname==$ort)
-				$selected='selected';
-			else 
-				$selected='';
-			echo "<option value='$row->ortschaftsname' $selected>$row->ortschaftsname</option>";
+			while($row = $db->db_fetch_object($result))
+			{
+				if($row->ortschaftsname==$ort)
+					$selected='selected';
+				else 
+					$selected='';
+				echo "<option value='$row->ortschaftsname' $selected>$row->ortschaftsname</option>";
+			}
 		}
 	}