From f670f45d2f505b02dedc51bc61214354db9897b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=96sterreicher?= <oesi@technikum-wien.at>
Date: Mon, 1 Dec 2014 10:07:21 +0000
Subject: [PATCH] =?UTF-8?q?Diverse=20SQL-Injection=20L=C3=BCcken=20geschlo?=
 =?UTF-8?q?ssen?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 cis/private/kommune/index.php                 |   20 +-
 .../kommune_wartung_wettbewerb.inc.php        |    4 +-
 .../kommune_wartung_wettbewerbtypen.inc.php   |    4 +-
 cis/private/lehre/abgabe_lektor_details.php   |    4 -
 cis/private/outgoing/akte.php                 |   15 +-
 cis/private/outgoing/akteupload.php           |    9 +
 cis/private/outgoing/index.html               |    8 +
 cis/private/pdfExport.php                     |    6 +-
 cis/private/profile/zahlungen_details.php     |  220 +-
 cis/private/profile/zeitsperre_resturlaub.php |   12 +-
 cis/private/tools/feedback.php                |   16 +-
 cis/private/tools/projektabgabe.php           |   22 +-
 cis/public/bildupload.php                     |    8 +
 cis/public/dms_akteupload.php                 |   14 +
 cis/public/incoming/akte.php                  |    8 +-
 cis/public/incoming/akteupload.php            |    9 +
 cis/testtool/admin/.htaccess                  |   10 +-
 .../admin/auswertung_detail_prestudent.php    |    4 +-
 cis/testtool/admin/index.php                  |    9 +-
 cis/testtool/frage.php                        |   20 +-
 cis/testtool/login.php                        |    7 +-
 cis/testtool/menu.php                         |   12 +-
 cis/testtool/topbar.php                       |    2 +-
 .../menu_addon_lehrveranstaltungen.inc.php    |    2 +-
 cms/menu/menu_addon_test.inc.php              |    4 +-
 content/createAusbildungsvertrag.php          |    3 +-
 content/fasDBDML.php                          |    3 +-
 content/lvplanung/lehrveranstaltungDBDML.php  |   11 +-
 content/projektbeschreibung.php               |    3 +
 content/statistik/bama_studentenstrom.svg.php |   10 +-
 content/student/studentDBDML.php              |   73 +-
 content/tempusDBDML.php                       |   12 +-
 include/appdaten.class.php                    |    3 +-
 include/benutzer.class.php                    |   12 +-
 include/benutzerberechtigung.class.php        |    4 +-
 include/benutzerfunktion.class.php            |   10 +-
 include/berechtigung.class.php                |   44 +-
 ...riebsmittel_betriebsmittelstatus.class.php |   62 +-
 include/betriebsmittelstatus.class.php        |   65 +-
 include/betriebsmitteltyp.class.php           |   38 +-
 include/bisverwendung.class.php               |   24 +-
 include/content.class.php                     |    8 +-
 include/dms.class.php                         |    6 +-
 include/dokument.class.php                    |    4 +-
 include/fachbereich.class.php                 |    7 +-
 include/firma.class.php                       |   28 +-
 include/functions.inc.php                     |   10 +-
 include/konto.class.php                       |   14 +-
 include/lehreinheit.class.php                 |   54 +-
 include/lehreinheitgruppe.class.php           |    4 +-
 include/lehrstunde.class.php                  |  100 +-
 include/lehrveranstaltung.class.php           |    2 +-
 include/lehrverband.class.php                 |   10 +-
 include/mitarbeiter.class.php                 |    2 +-
 include/news.class.php                        |   63 +-
 include/note.class.php                        |    2 +-
 include/organisationseinheit.class.php        |  102 +-
 include/preincoming.class.php                 |  230 +-
 include/preinteressent.class.php              |  186 +-
 include/projekt.class.php                     |   58 +-
 include/projektarbeit.class.php               |   91 +-
 include/projektbenutzer.class.php             |  180 +-
 include/projektbetreuer.class.php             |    2 +-
 include/projektphase.class.php                |   74 +-
 include/projekttask.class.php                 |   70 +-
 include/pruefung.class.php                    |    4 +-
 include/reservierung.class.php                |   60 +-
 include/ressource.class.php                   |   68 +-
 include/resturlaub.class.php                  |   32 +-
 include/schluesseltyp.class.php               |   18 +-
 include/standort.class.php                    |   72 +-
 include/statistik.class.php                   |   43 +-
 include/student.class.php                     |  128 +-
 include/studentnote.class.php                 |    7 +-
 include/wawi_bestelldetail.class.php          |   12 +-
 rdf/lehrverbandsgruppe.rdf.php                |   14 +-
 system/FH-Complete.txp                        | 3522 ++++++++++++++---
 system/checksystem.php                        |    5 +-
 vilesci/lehre/abgabe_assistenz_details.php    |    7 +-
 vilesci/lehre/ferienverwaltung.php            |   14 +-
 vilesci/lehre/incoming_delete.php             |   63 +-
 vilesci/lehre/stpl_benutzer_kollision.php     |   37 +-
 .../lehre/stpl_benutzer_kollision_details.php |   27 +-
 vilesci/personen/funktion_det.php             |    2 +-
 .../personen/preinteressent_uebersicht.php    |   22 +-
 vilesci/personen/student_edit.php             |   23 +-
 vilesci/statistik/statistik_sql.php           |   12 +
 87 files changed, 4310 insertions(+), 2015 deletions(-)
 create mode 100644 cis/private/outgoing/index.html

diff --git a/cis/private/kommune/index.php b/cis/private/kommune/index.php
index 91ade1d00..7b501f10a 100644
--- a/cis/private/kommune/index.php
+++ b/cis/private/kommune/index.php
@@ -181,7 +181,7 @@
 	// Fuer die Bildfunktion werden keine Datenbenoetigt, und nach Verarbeitung beenden
     if (trim($oWettbewerb->workSITE)==constKommuneDisplayIMAGE) 
 	{	
-		createIMGfromHEX(&$oWettbewerb);
+		createIMGfromHEX($oWettbewerb);
 		exit;
 	}		
 	
@@ -397,7 +397,7 @@ function doIt(user,nameID)
 	callURL=callURL+\'?userSel='.constKommuneUserXML.'&client_encode=UTF8&user=\'+user;
 	req.open("GET", callURL , true);
 
-       //Beim abschliessen des request wird diese Funktion ausgeführt
+       //Beim abschliessen des request wird diese Funktion ausgefuhrt
                 req.onreadystatechange = function(){            
                     switch(req.readyState) {
                             case 4:
@@ -429,7 +429,7 @@ function neuAufbau () {
 	    location.href = location.href;
 }
 
-/* Überwachung von Netscape initialisieren */
+/* uberwachung von Netscape initialisieren */
 if (!window.Weite && window.innerWidth) {
   	window.onresize = neuAufbau;
   
@@ -442,7 +442,7 @@ if (!window.Weite && window.innerWidth) {
 <body id="hauptbody">
 <script type="text/javascript">
 <!--
-/* Überwachung von Internet Explorer initialisieren */
+/* uberwachung von Internet Explorer initialisieren */
 if (!window.Weite && document.body && document.body.offsetWidth) 
 	{
 	  window.onresize = neuAufbau;
@@ -456,15 +456,15 @@ if (!window.Weite && document.body && document.body.offsetWidth)
 		
 	//-------------- Datenlesen	
 	// Daten Wettbewerb ermitteln /include kommune_funktionen.inc.php
-	kommune_funk_wettbewerb(&$oWettbewerb);	
+	kommune_funk_wettbewerb($oWettbewerb);	
 	
-	kommune_funk_eigene_wettbewerb(&$oWettbewerb);		
-	kommune_funk_team_wettbewerbe(&$oWettbewerb);
+	kommune_funk_eigene_wettbewerb($oWettbewerb);		
+	kommune_funk_team_wettbewerbe($oWettbewerb);
 
 	// Daten Teams ermitteln /include kommune_funktionen.inc.php
-	kommune_funk_teams(&$oWettbewerb);	// TeamGesamt
-	kommune_funk_anwenderteams(&$oWettbewerb); // TeamAnwender	
-	kommune_funk_teambenutzer(&$oWettbewerb); // Team, TeamBenutzer	
+	kommune_funk_teams($oWettbewerb);	// TeamGesamt
+	kommune_funk_anwenderteams($oWettbewerb); // TeamAnwender	
+	kommune_funk_teambenutzer($oWettbewerb); // Team, TeamBenutzer	
 	
 
 		
diff --git a/cis/private/kommune/kommune_wartung_wettbewerb.inc.php b/cis/private/kommune/kommune_wartung_wettbewerb.inc.php
index e0b392135..180e6b6cf 100644
--- a/cis/private/kommune/kommune_wartung_wettbewerb.inc.php
+++ b/cis/private/kommune/kommune_wartung_wettbewerb.inc.php
@@ -150,7 +150,7 @@
 // Lesen WettbewerbTypen und Wettbewerbe
    	$oWettbewerb->wbtyp_kurzbz=trim((isset($_REQUEST['wbtyp_kurzbz_sel']) ? $_REQUEST['wbtyp_kurzbz_sel']:''));
 	$oWettbewerb->wettbewerb_kurzbz='';
-	kommune_funk_wettbewerb(&$oWettbewerb);	
+	kommune_funk_wettbewerb($oWettbewerb);	
 	
 #var_dump($oWettbewerb);	
 	
@@ -286,4 +286,4 @@
 	<div><table><tr><td style="color:black;background-color:#FFFFE0;border : 1px solid Black;">&nbsp;&nbsp;&nbsp;</td><td>Pflichtfeld</td>
 	<td style="color:black;background-color:yellow;border : 1px solid Black;">&nbsp;&nbsp;&nbsp;</td><td>Neuanlage</td>
 	</tr></table>
-				
\ No newline at end of file
+				
diff --git a/cis/private/kommune/kommune_wartung_wettbewerbtypen.inc.php b/cis/private/kommune/kommune_wartung_wettbewerbtypen.inc.php
index a8e921118..e8092409f 100644
--- a/cis/private/kommune/kommune_wartung_wettbewerbtypen.inc.php
+++ b/cis/private/kommune/kommune_wartung_wettbewerbtypen.inc.php
@@ -103,7 +103,7 @@
 // Lesen WettbewerbTypen und Wettbewerbe
 	$oWettbewerb->wbtyp_kurzbz='';
 	$oWettbewerb->wettbewerb_kurzbz='';
-	kommune_funk_wettbewerb(&$oWettbewerb);	
+	kommune_funk_wettbewerb($oWettbewerb);	
 // ------------------------------------------------------------------------------------------
 // Aktuelle Datenlesen
 // ------------------------------------------------------------------------------------------
@@ -172,4 +172,4 @@
 		<?php } ?>				
 	</table>
 	<div><table><tr><td style="color:black;background-color:#FFFFE0;border : 1px solid Black;">&nbsp;&nbsp;&nbsp;</td><td>Pflichtfeld</td></tr></table></div>
-				
\ No newline at end of file
+				
diff --git a/cis/private/lehre/abgabe_lektor_details.php b/cis/private/lehre/abgabe_lektor_details.php
index 78b15a994..e46d40dd2 100644
--- a/cis/private/lehre/abgabe_lektor_details.php
+++ b/cis/private/lehre/abgabe_lektor_details.php
@@ -27,10 +27,6 @@
  *******************************************************************************************************/
 
 require_once('../../../config/cis.config.inc.php');
-// ------------------------------------------------------------------------------------------
-//	Datenbankanbindung 
-// ------------------------------------------------------------------------------------------
-		
 require_once('../../../include/functions.inc.php');
 require_once('../../../include/studiengang.class.php');
 require_once('../../../include/datum.class.php');
diff --git a/cis/private/outgoing/akte.php b/cis/private/outgoing/akte.php
index ec30ff9a2..922507c00 100644
--- a/cis/private/outgoing/akte.php
+++ b/cis/private/outgoing/akte.php
@@ -23,13 +23,24 @@
 // um und gibt das Dokument zurueck.
 
 require_once('../../../config/vilesci.config.inc.php');
+require_once('../../../include/functions.inc.php');
 require_once('../../../include/akte.class.php');
+require_once('../../../include/benutzer.class.php');
+
+
+$uid = get_uid();
+
+$benutzer = new benutzer();
+if(!$benutzer->load($uid))
+	die('Benutzer nicht gefunden');
 
 //base64 Dump aus der DB holen
 if(isset($_GET['id']) && is_numeric($_GET['id']))
 {
 	$akte = new akte($_GET['id']);
-
+	if($akte->person_id!=$benutzer->person_id)
+		die('Sie haben keine Berechtigung fuer diese Datei');
+	
 	//Header fuer Bild schicken
 	header("Content-type: $akte->mimetype");
 	header('Content-Disposition: attachment; filename="'.$akte->titel.'"');
@@ -38,4 +49,4 @@ if(isset($_GET['id']) && is_numeric($_GET['id']))
 else 
 	echo 'Unkown type';
 
-?>
\ No newline at end of file
+?>
diff --git a/cis/private/outgoing/akteupload.php b/cis/private/outgoing/akteupload.php
index e8cd57eec..f288dac0c 100755
--- a/cis/private/outgoing/akteupload.php
+++ b/cis/private/outgoing/akteupload.php
@@ -26,6 +26,7 @@
 require_once('../../../config/cis.config.inc.php');
 require_once('../../../include/functions.inc.php');
 require_once('../../../include/person.class.php');
+require_once('../../../include/benutzer.class.php');
 require_once('../../../include/benutzerberechtigung.class.php');
 require_once('../../../include/akte.class.php');
 require_once('../../../include/dokument.class.php');
@@ -37,6 +38,14 @@ header("Content-Type: text/html; charset=utf-8");
 if(isset($_GET['lang']))
 	setSprache($_GET['lang']);
 	
+$uid = get_uid();
+
+$benutzer = new benutzer();
+$benutzer->load($uid);
+
+if($benutzer->person_id!=$_GET['person_id'])
+	die('Sie haben keine Berechtigung fuer diese Seite');
+
 $dokumenttyp = (isset($_GET['dokumenttyp']))? $_GET['dokumenttyp'] : 'LearnAgr';
 $sprache = getSprache(); 
 $p=new phrasen($sprache); 
diff --git a/cis/private/outgoing/index.html b/cis/private/outgoing/index.html
new file mode 100644
index 000000000..fb99ff86c
--- /dev/null
+++ b/cis/private/outgoing/index.html
@@ -0,0 +1,8 @@
+<html>
+<head>
+<script>
+window.location.href='registration.php'
+</script>
+<body>
+</body>
+</html>
diff --git a/cis/private/pdfExport.php b/cis/private/pdfExport.php
index cf1c62a3f..d486c46a9 100644
--- a/cis/private/pdfExport.php
+++ b/cis/private/pdfExport.php
@@ -114,7 +114,7 @@ if (($user == $_GET["uid"]) || $rechte->isBerechtigt('admin'))
 	//echo ':'.$xml_doc->saveXML().':';
 	
 	//XSL aus der DB holen
-	$qry = "SELECT text FROM public.tbl_vorlagestudiengang WHERE (studiengang_kz=0 OR studiengang_kz='".addslashes($xsl_stg_kz)."') AND vorlage_kurzbz='$xsl' ORDER BY studiengang_kz DESC, version DESC LIMIT 1";
+	$qry = "SELECT text FROM public.tbl_vorlagestudiengang WHERE (studiengang_kz=0 OR studiengang_kz=".$db->db_add_param($xsl_stg_kz).") AND vorlage_kurzbz=".$db->db_add_param($xsl)." ORDER BY studiengang_kz DESC, version DESC LIMIT 1";
 	
 	if(!$result = $db->db_query($qry))
 		die('Fehler beim laden der Vorlage'.$db->db_last_error());
@@ -145,7 +145,7 @@ if (($user == $_GET["uid"]) || $rechte->isBerechtigt('admin'))
 	if(isset($_GET['uid']) && $_GET['uid']!='')
 	{
 		$uid = str_replace(';','',$_GET['uid']);
-		$qry = "SELECT nachname FROM campus.vw_benutzer WHERE uid='".addslashes($uid)."'";
+		$qry = "SELECT nachname FROM campus.vw_benutzer WHERE uid=".$db->db_add_param($uid);
 		
 		if($result = $db->db_query($qry))
 		{
@@ -167,4 +167,4 @@ else
 	// kein berechtigung
 	echo "<html><body><h3>Sie haben keine Berechtigung zum Anzeigen dieser Seite</h3></body></html>";
 }
-?>
\ No newline at end of file
+?>
diff --git a/cis/private/profile/zahlungen_details.php b/cis/private/profile/zahlungen_details.php
index f42764b82..288a82419 100644
--- a/cis/private/profile/zahlungen_details.php
+++ b/cis/private/profile/zahlungen_details.php
@@ -17,112 +17,93 @@
  *
  * Authors: Martin Tatzber <tatzberm@technikum-wien.at>, 
  */
+require_once('../../../config/cis.config.inc.php');
+require_once('../../../include/functions.inc.php');
+require_once('../../../include/konto.class.php');
+require_once('../../../include/bankverbindung.class.php');
+require_once('../../../include/studiengang.class.php');
+require_once('../../../include/organisationseinheit.class.php');
+require_once('../../../include/addon.class.php');
+require_once('../../../include/benutzer.class.php');
+	
+$uid = get_uid();
+	
+$benutzer = new benutzer();
+if(!$benutzer->load($uid))
+	die('Benutzer nicht gefunden');
+
+if(isset($_GET['buchungsnr']))
+	$buchungsnr=$_GET['buchungsnr'];
+else
+	$buchungsnr='';
+
+$konto=new konto();
+$konto->load($buchungsnr);
+
+if($konto->person_id!=$benutzer->person_id)
+	die('Sie haben keine Berechtigung fuer diese Seite');
+
+$studiengang=new studiengang();
+$studiengang->load($konto->studiengang_kz);
+$bankverbindung=new bankverbindung();
+
+$kontodaten = getBankverbindung($studiengang->oe_kurzbz);
+$iban=$kontodaten["iban"];
+$bic=$kontodaten["bic"];
+
+$oe=new organisationseinheit();
+$oe->load($studiengang->oe_kurzbz);
+
+$konto->getBuchungstyp();
+$buchungstyp = array();	
+foreach ($konto->result as $row)
+	$buchungstyp[$row->buchungstyp_kurzbz]=$row->beschreibung;
+
+echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+		<html>
+		<head>
+			<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+			<title>Zahlungsdetails</title>
+			<link href="../../../skin/style.css.php" rel="stylesheet" type="text/css">
+			<link href="../../../skin/fhcomplete.css.php" rel="stylesheet" type="text/css">
+			<link rel="stylesheet" href="../../../skin/tablesort.css" type="text/css"/>
+		</head>
+		<body>';
+
+echo '<h1>Einzahlung für '.$konto->vorname.' '.$konto->nachname.'</h1>
+<table class="tablesorter">
+	<thead>
+		<tr>
+			<th width="40%">Zahlungsinformationen</th>
+			<th width="60%"></th>
+		</tr>
+	</thead>
+	<tbody>
+		<tr>
+			<td>Buchungstyp</td>
+			<td>'.$buchungstyp[$konto->buchungstyp_kurzbz].'</td>
+		</tr><tr>
+			<td>Buchungstext</td>
+			<td>'.$konto->buchungstext.'</td>
+		</tr><tr>
+			<td>Betrag</td>
+			<td>'.abs($konto->betrag).' €</td>
+		</tr>
+	</tbody>
+</table>
+<table class="tablesorter">
+	<thead>
+		<tr>
+			<th width="40%">Zahlung an</th>
+			<th width="60%"></th>
+		</tr>
+	</thead>
+	<tbody>
+		<tr>
+			<td>Empfänger</td>
+			<td>'.$oe->organisationseinheittyp_kurzbz.' '.$oe->bezeichnung.'</td>
+		</tr>';
 
-	require_once('../../../config/cis.config.inc.php');
-	require_once('../../../include/konto.class.php');
-	require_once('../../../include/bankverbindung.class.php');
-	require_once('../../../include/studiengang.class.php');
-	require_once('../../../include/organisationseinheit.class.php');
-	require_once('../../../include/addon.class.php');
-	
-	
-	function getBankverbindung($oe_kurzbz)
-	{
-	    $iban = "";
-	    $bic = "";
-	    $result = array();
-	    $bankverbindung=new bankverbindung();
-	    if($bankverbindung->load_oe($oe_kurzbz) && count($bankverbindung->result)>0)
-	    {
-		$result["iban"]=$bankverbindung->result[0]->iban;
-		$result["bic"]=$bankverbindung->result[0]->bic;
-		return $result;
-	    }
-	    else
-	    {
-		$organisationseinheit = new organisationseinheit();
-		$organisationseinheit->load($oe_kurzbz);
-		if($organisationseinheit->oe_parent_kurzbz !== NULL)
-		{
-		    $result = getBankverbindung($organisationseinheit->oe_parent_kurzbz);
-		    return $result;
-		}
-		else
-		{
-		    $result["iban"]="";
-		    $result["bic"]="";
-		}
-	    }
-	}
-	
-	if(isset($_GET['buchungsnr']))
-		$buchungsnr=$_GET['buchungsnr'];
-	else
-		$buchungsnr='';
-	
-	$konto=new konto();
-	$konto->load($buchungsnr);
-	
-	$studiengang=new studiengang();
-	$studiengang->load($konto->studiengang_kz);
-	$bankverbindung=new bankverbindung();
-	
-	$kontodaten = getBankverbindung($studiengang->oe_kurzbz);
-	$iban=$kontodaten["iban"];
-	$bic=$kontodaten["bic"];
-	
-	$oe=new organisationseinheit();
-	$oe->load($studiengang->oe_kurzbz);
-	
-	$konto->getBuchungstyp();
-	$buchungstyp = array();	
-	foreach ($konto->result as $row)
-		$buchungstyp[$row->buchungstyp_kurzbz]=$row->beschreibung;
-	
-	echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-			<html>
-			<head>
-				<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-				<title>Zahlungsdetails</title>
-				<link href="../../../skin/style.css.php" rel="stylesheet" type="text/css">
-				<link href="../../../skin/fhcomplete.css.php" rel="stylesheet" type="text/css">
-				<link rel="stylesheet" href="../../../skin/tablesort.css" type="text/css"/>
-			</head>
-			<body>';
-	
-	echo '<h1>Einzahlung für '.$konto->vorname.' '.$konto->nachname.'</h1>
-	<table class="tablesorter">
-		<thead>
-			<tr>
-				<th width="40%">Zahlungsinformationen</th>
-				<th width="60%"></th>
-			</tr>
-		</thead>
-		<tbody>
-			<tr>
-				<td>Buchungstyp</td>
-				<td>'.$buchungstyp[$konto->buchungstyp_kurzbz].'</td>
-			</tr><tr>
-				<td>Buchungstext</td>
-				<td>'.$konto->buchungstext.'</td>
-			</tr><tr>
-				<td>Betrag</td>
-				<td>'.abs($konto->betrag).' €</td>
-			</tr>
-		</tbody>
-	</table>
-	<table class="tablesorter">
-		<thead>
-			<tr>
-				<th width="40%">Zahlung an</th>
-				<th width="60%"></th>
-			</tr>
-		</thead>
-		<tbody>
-			<tr>
-				<td>Empfänger</td>
- 				<td>'.$oe->organisationseinheittyp_kurzbz.' '.$oe->bezeichnung.'</td>
-			</tr>';
 if($iban!='')
 {
 	echo '
@@ -180,5 +161,32 @@ foreach($addon->result as $a)
 
 echo '</body></html>';
 
-
+function getBankverbindung($oe_kurzbz)
+{
+    $iban = "";
+    $bic = "";
+    $result = array();
+    $bankverbindung=new bankverbindung();
+    if($bankverbindung->load_oe($oe_kurzbz) && count($bankverbindung->result)>0)
+    {
+	$result["iban"]=$bankverbindung->result[0]->iban;
+	$result["bic"]=$bankverbindung->result[0]->bic;
+	return $result;
+    }
+    else
+    {
+	$organisationseinheit = new organisationseinheit();
+	$organisationseinheit->load($oe_kurzbz);
+	if($organisationseinheit->oe_parent_kurzbz !== NULL)
+	{
+	    $result = getBankverbindung($organisationseinheit->oe_parent_kurzbz);
+	    return $result;
+	}
+	else
+	{
+	    $result["iban"]="";
+	    $result["bic"]="";
+	}
+    }
+}
 ?>
diff --git a/cis/private/profile/zeitsperre_resturlaub.php b/cis/private/profile/zeitsperre_resturlaub.php
index 72a08d90e..38f70e498 100644
--- a/cis/private/profile/zeitsperre_resturlaub.php
+++ b/cis/private/profile/zeitsperre_resturlaub.php
@@ -406,7 +406,11 @@ if(count($zeit->result)>0)
 	{
 		$i++;
 		//name der vertretung holen
-		$qry = "SELECT vorname || ' ' || nachname as kurzbz FROM public.tbl_mitarbeiter, public.tbl_benutzer, public.tbl_person WHERE tbl_benutzer.uid=tbl_mitarbeiter.mitarbeiter_uid AND tbl_benutzer.person_id=tbl_person.person_id AND mitarbeiter_uid='$row->vertretung_uid'";
+		$qry = "SELECT vorname || ' ' || nachname as kurzbz FROM public.tbl_mitarbeiter, public.tbl_benutzer, public.tbl_person 
+				WHERE tbl_benutzer.uid=tbl_mitarbeiter.mitarbeiter_uid 
+					AND tbl_benutzer.person_id=tbl_person.person_id 
+					AND mitarbeiter_uid=".$db->db_add_param($row->vertretung_uid);
+
 		$result_vertretung = $db->db_query($qry);
 		$row_vertretung = $db->db_fetch_object($result_vertretung);
 		$content_table.= "<tr class='liste".($i%2)."'>
@@ -619,9 +623,9 @@ if(URLAUB_TOOLS)
 	$gebuchterurlaub=0;
 	//Urlaub berechnen (date_part('month', vondatum)>9 AND date_part('year', vondatum)='".(date('Y')-1)."') OR (date_part('month', vondatum)<9 AND date_part('year', vondatum)='".date('Y')."')
 	$qry = "SELECT sum(bisdatum-vondatum+1) as anzahltage FROM campus.tbl_zeitsperre
-				WHERE zeitsperretyp_kurzbz='Urlaub' AND mitarbeiter_uid='$uid' AND
+				WHERE zeitsperretyp_kurzbz='Urlaub' AND mitarbeiter_uid=".$db->db_add_param($uid)." AND
 				(
-					vondatum>='$datum_beginn_iso' AND bisdatum<='$datum_ende_iso'
+					vondatum>=".$db->db_add_param($datum_beginn_iso)." AND bisdatum<=".$db->db_add_param($datum_ende_iso)."
 				)";
 	$tttt="\n";
 	$result = $db->db_query($qry);
@@ -653,4 +657,4 @@ echo '</table>';
 </td></tr></table>
 </div>
 <body>
-</html>
\ No newline at end of file
+</html>
diff --git a/cis/private/tools/feedback.php b/cis/private/tools/feedback.php
index 814c56afa..1131e0039 100644
--- a/cis/private/tools/feedback.php
+++ b/cis/private/tools/feedback.php
@@ -25,12 +25,12 @@
 /*
  * Formular zum Senden eins Feedbacks an die CIS-Administratoren
  */
-    require_once('../../../config/cis.config.inc.php');
-	require_once('../../../include/basis_db.class.php');	  	
-    require_once('../../../include/functions.inc.php');
-    require_once('../../../include/mail.class.php');
-	require_once('../../../include/phrasen.class.php');
-	
+require_once('../../../config/cis.config.inc.php');
+require_once('../../../include/basis_db.class.php');	  	
+require_once('../../../include/functions.inc.php');
+require_once('../../../include/mail.class.php');
+require_once('../../../include/phrasen.class.php');
+
 $sprache = getSprache(); 
 $p=new phrasen($sprache); 
 
@@ -49,7 +49,7 @@ if (!$user=get_uid())
 	{
 		$destination = MAIL_CIS;
 
-		$sql_query = "SELECT DISTINCT vorname, nachname, (uid || '@".DOMAIN."') AS emailtw FROM campus.vw_benutzer WHERE uid='$user' LIMIT 1";
+		$sql_query = "SELECT DISTINCT vorname, nachname, (uid || '@".DOMAIN."') AS emailtw FROM campus.vw_benutzer WHERE uid=".$db->db_add_param($user)." LIMIT 1";
 
 		$feedback_message = chop($txtFeedbackMessage);
 
@@ -151,4 +151,4 @@ if (!$user=get_uid())
   </tr>
 </table>
 </body>
-</html>
\ No newline at end of file
+</html>
diff --git a/cis/private/tools/projektabgabe.php b/cis/private/tools/projektabgabe.php
index 53080874a..7e2e7aaab 100644
--- a/cis/private/tools/projektabgabe.php
+++ b/cis/private/tools/projektabgabe.php
@@ -211,7 +211,6 @@ if(isset($_REQUEST['ok']) || (isset($_REQUEST['aktion']) && $_REQUEST['aktion']=
 	if($rechte->isBerechtigt('admin') || $rechte->isBerechtigt($berechtigung_kurzbz, $s->oe_kurzbz))
 	{
 		$qry="";
-##		$qry.="SELECT * 	FROM (";
  
 		$qry.="	SELECT public.tbl_studiengang.bezeichnung as stgbez, campus.tbl_paabgabe.datum as termin,* FROM lehre.tbl_projektarbeit 
 			JOIN campus.tbl_paabgabe USING(projektarbeit_id)
@@ -223,22 +222,20 @@ if(isset($_REQUEST['ok']) || (isset($_REQUEST['aktion']) && $_REQUEST['aktion']=
 			WHERE (projekttyp_kurzbz='Bachelor' OR projekttyp_kurzbz='Diplom') 
 			 			
 			";
-			//AND public.tbl_benutzer.aktiv
-			//AND lehre.tbl_projektarbeit.note IS NULL
+
 			if ($stg_kz!='')
-				$qry.=" AND public.tbl_studiengang.studiengang_kz='".addslashes($stg_kz)."'";
+				$qry.=" AND public.tbl_studiengang.studiengang_kz=".$db->db_add_param($stg_kz);
 			if ($abgabetyp!='')
-				$qry.=" AND campus.tbl_paabgabe.paabgabetyp_kurzbz='".addslashes($abgabetyp)."'";
+				$qry.=" AND campus.tbl_paabgabe.paabgabetyp_kurzbz=".$db->db_add_param($abgabetyp);
 			if ($termin!='')
-				$qry.=" AND campus.tbl_paabgabe.datum='".addslashes($termin)."'";
+				$qry.=" AND campus.tbl_paabgabe.datum=".$db->db_add_param($termin);
 		$qry.=" ORDER BY nachname  ";
-##		$qry.=" ORDER BY tbl_projektarbeit.projektarbeit_id desc) as xy ";		
-##		$qry.=" ORDER BY nachname";	
+
 		if($stg_kz=='' && $abgabetyp=='' && $termin=='')
 		{
 			$qry.=" limit 100 ";				
 		}
-		//echo $qry."<br>";
+
 		if(!$erg=$db->db_query($qry))
 		{
 			die('Fehler beim Laden der Betreuungen!');
@@ -304,6 +301,11 @@ if($zipfile=='')
 }
 else
 {
+	if(!$rechte->isBerechtigt($berechtigung_kurzbz))
+	{
+		die($p->t('global/keineBerechtigungFuerDieseSeite'));
+	}
+
 	//Zip File erstellen
 	chdir(PAABGABE_PATH);
 	$zipausgabe=tempnam("/tmp", "PAA").".zip";
@@ -331,4 +333,4 @@ else
 		echo $p->t('global/dateiExistiertNicht');
 	}
 }
-?>
\ No newline at end of file
+?>
diff --git a/cis/public/bildupload.php b/cis/public/bildupload.php
index 97a5b12d4..bd3520534 100644
--- a/cis/public/bildupload.php
+++ b/cis/public/bildupload.php
@@ -86,6 +86,14 @@ function resize($filename, $width, $height)
 if(!isset($_GET['person_id']))
 	die($p->t('global/fehlerBeiDerParameteruebergabe'));
 
+$person = new person();
+if(isset($_SESSION['prestudent/user']))
+	$person_id=$person->checkZugangscode($_SESSION['prestudent/user']); 
+if(isset($_SESSION['incoming/user']))
+	$person_id=$person->checkZugangscode($_SESSION['prestudent/user']); 
+if($person_id!=$_GET['person_id'])
+	die('Sie haben keine Berechtigung für diese Seite');
+
 //Bei Upload des Bildes
 if(isset($_POST['submitbild']))
 {
diff --git a/cis/public/dms_akteupload.php b/cis/public/dms_akteupload.php
index e94580f0f..a318cfe53 100755
--- a/cis/public/dms_akteupload.php
+++ b/cis/public/dms_akteupload.php
@@ -35,10 +35,24 @@ require_once('../../include/dms.class.php');
 
 header("Content-Type: text/html; charset=utf-8");
 
+session_cache_limiter('none'); //muss gesetzt werden sonst funktioniert der Download mit IE8 nicht
+session_start();
+if (!isset($_SESSION['bewerbung/user']) || $_SESSION['bewerbung/user']=='') 
+{
+    header('Location: registration.php?method=allgemein');
+    exit;
+}
+
 if(isset($_GET['lang']))
 	setSprache($_GET['lang']);
 
 $person_id = isset($_GET['person_id'])?$_GET['person_id']:'';
+
+if(!isset($_SESSION['bewerbung/personId']))
+	die('Sie haben keine Berechtigung für diese Seite');
+
+if($person_id!=$_SESSION['bewerbung/personId'])
+	die('Sie haben keine Berechtigung für diese Seite');
 	
 $dokumenttyp = (isset($_GET['dokumenttyp']))? $_GET['dokumenttyp'] : '';
 $kategorie_kurzbz = isset($_REQUEST['kategorie_kurzbz'])?$_REQUEST['kategorie_kurzbz']:'';
diff --git a/cis/public/incoming/akte.php b/cis/public/incoming/akte.php
index ea63e255a..a30c7eed5 100644
--- a/cis/public/incoming/akte.php
+++ b/cis/public/incoming/akte.php
@@ -24,11 +24,17 @@
 require_once 'auth.php';
 require_once('../../../config/vilesci.config.inc.php');
 require_once('../../../include/akte.class.php');
+require_once('../../../include/person.class.php');
 
+$person = new person();
+$person_id=$person->checkZugangscode($_SESSION['incoming/user']); 
+		
 //base64 Dump aus der DB holen
 if(isset($_GET['id']) && is_numeric($_GET['id']))
 {
 	$akte = new akte($_GET['id']);
+	if($person_id!=$akte->person_id)
+		die('Sie haben keine Berechtigung fuer diese Datei');
 
 	//Header fuer Bild schicken
 	header("Content-type: $akte->mimetype");
@@ -38,4 +44,4 @@ if(isset($_GET['id']) && is_numeric($_GET['id']))
 else 
 	echo 'Unkown type';
 
-?>
\ No newline at end of file
+?>
diff --git a/cis/public/incoming/akteupload.php b/cis/public/incoming/akteupload.php
index 2d337ef1e..6d0eb0b54 100644
--- a/cis/public/incoming/akteupload.php
+++ b/cis/public/incoming/akteupload.php
@@ -26,6 +26,7 @@ require_once 'auth.php';
 require_once('../../../config/cis.config.inc.php');
 require_once('../../../include/functions.inc.php');
 require_once('../../../include/person.class.php');
+require_once('../../../include/benutzer.class.php');
 require_once('../../../include/benutzerberechtigung.class.php');
 require_once('../../../include/akte.class.php');
 require_once('../../../include/dokument.class.php');
@@ -37,6 +38,14 @@ header("Content-Type: text/html; charset=utf-8");
 if(isset($_GET['lang']))
 	setSprache($_GET['lang']);
 	
+$code = $_SESSION['incoming/user'];
+
+$person = new person();
+$person_id = $person->checkZugangscode($code);
+
+if($person_id!=$_GET['person_id'])
+	die('Sie haben keine Berechtigung für diese Seite');
+
 $dokumenttyp = (isset($_GET['dokumenttyp']))? $_GET['dokumenttyp'] : 'LearnAgr';
 $sprache = getSprache(); 
 $p=new phrasen($sprache); 
diff --git a/cis/testtool/admin/.htaccess b/cis/testtool/admin/.htaccess
index 8f33404c4..552d00aa1 100644
--- a/cis/testtool/admin/.htaccess
+++ b/cis/testtool/admin/.htaccess
@@ -3,15 +3,7 @@ AuthName "Technikum-Wien"
 AuthType Basic
 AuthBasicProvider ldap
 AuthBasicAuthoritative Off
-AuthLDAPURL "ldap://ldap.technikum-wien.at:389/ou=People,dc=technikum-wien,dc=at?uid?one?objectclass=posixAccount"
-#AuthLDAPURL "ldap://ldap.technikum-wien.at:389/ou=People,dc=technikum,dc=at?uid?sub?(objectClass=*)"
+AuthLDAPURL "ldap://localhost:389/ou=People,dc=oesi,dc=org?uid?one?objectclass=posixAccount"
 AuthLDAPGroupAttributeIsDN Off
 AuthLDAPGroupAttribute memberuid
-Require ldap-group cn=fhadmin,ou=Group,dc=technikum-wien,dc=at
-require ldap-group cn=hadesadm,ou=Group,dc=technikum-wien,dc=at
-Require user pam
 require user oesi
-require user ruhan
-Require user tw01e061
-Require user if10b066
-require ldap-user if10b066
\ No newline at end of file
diff --git a/cis/testtool/admin/auswertung_detail_prestudent.php b/cis/testtool/admin/auswertung_detail_prestudent.php
index d1dc39cf6..3b2f2a6e2 100644
--- a/cis/testtool/admin/auswertung_detail_prestudent.php
+++ b/cis/testtool/admin/auswertung_detail_prestudent.php
@@ -45,7 +45,7 @@ echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//DE" "http://www
 		<script type="text/javascript" src="../../../include/js/jquery.js"></script> 
 	</head>
 	<body class="Background_main">
-	<h2>Auswertung Reihungstest Detailergebnis PrestudentIn '.$_GET['prestudent_id'].'</h2>';
+	<h2>Auswertung Reihungstest Detailergebnis PrestudentIn '.$db->convert_html_chars($_GET['prestudent_id']).'</h2>';
 
 if(!$rechte->isBerechtigt('basis/testtool', null, 'suid'))
 		die('Sie haben keine Berechtigung fuer diese Seite');
@@ -65,7 +65,7 @@ if(isset($_GET['prestudent_id']))
 				JOIN testtool.tbl_pruefling_frage ON (tbl_pruefling.pruefling_id=tbl_pruefling_frage.pruefling_id AND tbl_frage.frage_id =tbl_pruefling_frage.frage_id)
 				JOIN public.tbl_prestudent USING (prestudent_id)
 				JOIN public.tbl_person USING (person_id)
-				WHERE prestudent_id='".$_GET['prestudent_id']."'
+				WHERE prestudent_id=".$db->db_add_param($_GET['prestudent_id'], FHC_INTEGER)."
 				ORDER BY kurzbz,tbl_pruefling_frage.begintime,nummer";
 		if($result = $db->db_query($qry))
 		{
diff --git a/cis/testtool/admin/index.php b/cis/testtool/admin/index.php
index 4ee3c7bd4..26f0217b2 100644
--- a/cis/testtool/admin/index.php
+++ b/cis/testtool/admin/index.php
@@ -91,8 +91,9 @@ else
 
 $save_vorschlag_error=false;
 /*<?xml-stylesheet type="text/xsl" href="../mathml.xsl"?>*/
+
+echo '<?xml version="1.0" encoding="UTF-8"?>';
 ?>
-<?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE html
   PUBLIC "-//W3C//DTD XHTML 1.1 plus MathML 2.0//EN"
          "http://www.w3.org/Math/DTD/mathml2/xhtml-math11-f.dtd">
@@ -174,7 +175,7 @@ if(isset($_GET['type']) && $_GET['type']=='changesprache')
 }
 
 if(!isset($_SESSION['sprache']))
-	$_SESSION['sprache']='German';
+	$_SESSION['sprache']=DEFAULT_LANGUAGE;
 	
 $sprache = $_SESSION['sprache'];
 
@@ -592,7 +593,7 @@ if (($anzahl!==0) || ($stg_kz=='-1') && ($stg_kz!==''))
 	echo '<br />';
 	
 	// Liste der Fragen
-	$qry = "SELECT distinct nummer FROM testtool.tbl_frage WHERE gebiet_id='".addslashes($gebiet_id)."' ORDER BY nummer";
+	$qry = "SELECT distinct nummer FROM testtool.tbl_frage WHERE gebiet_id=".$db->db_add_param($gebiet_id)." ORDER BY nummer";
 	
 	if($result = $db->db_query($qry))
 	{
@@ -752,7 +753,7 @@ if($frage_id!='')
 	echo '<b>Vorschlag'.($vorschlag_id!=''?' Edit':'').'</b><br /><br />';
 	echo "<form name='formular_vorschlag' method='POST' enctype='multipart/form-data' action='$PHP_SELF?gebiet_id=$gebiet_id&amp;stg_kz=$stg_kz&amp;nummer=$nummer&amp;frage_id=$frage_id'>";
 	echo "<input type='hidden' name='vorschlag_id' value='$vorschlag->vorschlag_id' />";
-	echo '<table>';
+	echo '<table>';
 	echo "<tr><td>Nummer:</td><td><input type='text' name='nummer' size='3' id='nummer' value='$vorschlag->nummer' />";
 	echo "<input type='button' value='1' onclick='document.getElementById(\"nummer\").value=\"1\";' />";
 	echo "<input type='button' value='2' onclick='document.getElementById(\"nummer\").value=\"2\";' />";
diff --git a/cis/testtool/frage.php b/cis/testtool/frage.php
index e0bfda178..21e31ec6a 100644
--- a/cis/testtool/frage.php
+++ b/cis/testtool/frage.php
@@ -236,7 +236,7 @@ if(isset($_POST['submitantwort']) && isset($_GET['frage_id']))
 		// alle vorhandenen Antworten zu dieser Frage loeschen
 		$qry = "DELETE FROM testtool.tbl_antwort WHERE antwort_id in(
 					SELECT antwort_id FROM testtool.tbl_antwort JOIN testtool.tbl_vorschlag USING(vorschlag_id)
-					WHERE frage_id='".addslashes($_GET['frage_id'])."' AND pruefling_id='".addslashes($_SESSION['pruefling_id'])."')";
+					WHERE frage_id=".$db->db_add_param($_GET['frage_id'])." AND pruefling_id=".$db->db_add_param($_SESSION['pruefling_id']).")";
 	
 		$db->db_query($qry);
 		
@@ -314,7 +314,7 @@ if(isset($_POST['submitantwort']) && isset($_GET['frage_id']))
 $qry = "SELECT begintime
 		FROM 
 			testtool.tbl_pruefling_frage JOIN testtool.tbl_frage USING(frage_id)
-		WHERE pruefling_id='".addslashes($_SESSION['pruefling_id'])."' AND gebiet_id='".addslashes($gebiet_id)."'
+		WHERE pruefling_id=".$db->db_add_param($_SESSION['pruefling_id'], FHC_INTEGER)." AND gebiet_id=".$db->db_add_param($gebiet_id, FHC_INTEGER)."
 		ORDER BY begintime ASC LIMIT 1";
 
 if($result = $db->db_query($qry))
@@ -344,7 +344,7 @@ $info='';
 $qry_pruefling = "SELECT vorname, nachname, stg_bez, tbl_studiengangstyp.bezeichnung FROM testtool.vw_pruefling 
 					JOIN public.tbl_studiengang USING (studiengang_kz)
 					JOIN public.tbl_studiengangstyp USING (typ)
-					WHERE pruefling_id='".addslashes($_SESSION['pruefling_id'])."'";
+					WHERE pruefling_id=".$db->db_add_param($_SESSION['pruefling_id']);
 
 if($result_pruefling = $db->db_query($qry_pruefling))
 {
@@ -360,8 +360,8 @@ if($levelgebiet)
 	$max = $gebiet->maxfragen;
 	$aktuell=0;
 	$qry = "SELECT count(*) as anzahl FROM testtool.tbl_pruefling_frage JOIN testtool.tbl_frage USING(frage_id)
-			WHERE pruefling_id='".addslashes($_SESSION['pruefling_id'])."'
-			AND gebiet_id='$gebiet_id'";
+			WHERE pruefling_id=".$db->db_add_param($_SESSION['pruefling_id'], FHC_INTEGER)."
+			AND gebiet_id=".$db->db_add_param($gebiet_id, FHC_INTEGER);
 	
 	if($result_aktuell = $db->db_query($qry))
 	{
@@ -405,7 +405,7 @@ else
 	//Wenn es sich um eine Testfrage handelt, dann wird die verbleibende Zeit angezeigt
 	$qry = "SELECT '$gebiet->zeit'-(now()-min(begintime)) as time 
 			FROM testtool.tbl_pruefling_frage JOIN testtool.tbl_frage USING(frage_id) 
-			WHERE gebiet_id='".addslashes($gebiet_id)."' AND pruefling_id='".addslashes($_SESSION['pruefling_id'])."'";
+			WHERE gebiet_id=".$db->db_add_param($gebiet_id, FHC_INTEGER)." AND pruefling_id=".$db->db_add_param($_SESSION['pruefling_id'], FHC_INTEGER);
 	$result = $db->db_query($qry);
 	$row = $db->db_fetch_object($result);
 	//Zeit in Sekunden umrechnen
@@ -441,7 +441,7 @@ else
 		// wenn keine Frage uebergeben wurde und die maximale Fragenanzahl erreicht wurde
 		// dann ist das Gebiet fertig
 		$qry = "SELECT count(*) as anzahl FROM testtool.tbl_pruefling_frage JOIN testtool.tbl_frage USING(frage_id) 
-				WHERE gebiet_id='".addslashes($gebiet_id)."' AND pruefling_id='".addslashes($_SESSION['pruefling_id'])."' AND tbl_pruefling_frage.endtime is not null";
+				WHERE gebiet_id=".$db->db_add_param($gebiet_id, FHC_INTEGER)." AND pruefling_id=".$db->db_add_param($_SESSION['pruefling_id'], FHC_INTEGER)." AND tbl_pruefling_frage.endtime is not null";
 		$result = $db->db_query($qry);
 		$row = $db->db_fetch_object($result);
 		
@@ -488,7 +488,7 @@ if($frage->frage_id!='')
 	{
 		$qry = "SELECT tbl_pruefling_frage.nummer, tbl_pruefling_frage.frage_id 
 				FROM testtool.tbl_pruefling_frage JOIN testtool.tbl_frage USING(frage_id) 
-				WHERE gebiet_id='".addslashes($gebiet_id)."' AND pruefling_id='".addslashes($_SESSION['pruefling_id'])."' AND demo=false ORDER BY nummer";
+				WHERE gebiet_id=".$db->db_add_param($gebiet_id, FHC_INTEGER)." AND pruefling_id=".$db->db_add_param($_SESSION['pruefling_id'], FHC_INTEGER)." AND demo=false ORDER BY nummer";
 
 		echo " <table><tr>";
 		//Nummern der Fragen Anzeigen
@@ -524,7 +524,7 @@ if($frage->frage_id!='')
 			if($demo)
 			{
 				$qry = "SELECT count(*) as anzahl FROM testtool.tbl_frage 
-						WHERE tbl_frage.gebiet_id='".addslashes($gebiet_id)."' 
+						WHERE tbl_frage.gebiet_id=".$db->db_add_param($gebiet_id, FHC_INTEGER)." 
 						AND demo ";
 				if($row = $db->db_fetch_object($db->db_query($qry)))
 				{
@@ -563,7 +563,7 @@ if($frage->frage_id!='')
 				//$nextfrage = $frage->getNextFrage($gebiet_id, $_SESSION['pruefling_id'], $frage_id, $demo);
 				
 				$qry = "SELECT count(*) as anzahl FROM testtool.tbl_frage 
-						WHERE tbl_frage.gebiet_id='".addslashes($gebiet_id)."' 
+						WHERE tbl_frage.gebiet_id=".$db->db_add_param($gebiet_id, FHC_INTEGER)."
 						AND demo ";
 				if($row = $db->db_fetch_object($db->db_query($qry)))
 				{
diff --git a/cis/testtool/login.php b/cis/testtool/login.php
index e53b0d12c..9744264a5 100644
--- a/cis/testtool/login.php
+++ b/cis/testtool/login.php
@@ -279,7 +279,7 @@ if(isset($_POST['save']) && isset($_SESSION['prestudent_id']))
 		$typ->getStudiengangTyp($stg_obj->typ);	
 		
 		//Sprachwahl des Studiengangs
-		$qry = "SELECT sprachwahl FROM testtool.tbl_ablauf_vorgaben WHERE studiengang_kz=".addslashes($prestudent->studiengang_kz)." LIMIT 1";
+		$qry = "SELECT sprachwahl FROM testtool.tbl_ablauf_vorgaben WHERE studiengang_kz=".$db->db_add_param($prestudent->studiengang_kz)." LIMIT 1";
 		$result = $db->db_query($qry);
 		$sprachwahl = $db->db_fetch_object($result);
 		$sprachwahl = $db->db_parse_bool($sprachwahl->sprachwahl);
@@ -317,7 +317,7 @@ if(isset($_POST['save']) && isset($_SESSION['prestudent_id']))
 							JOIN testtool.tbl_frage USING(gebiet_id)
 							JOIN testtool.tbl_frage_sprache USING(frage_id)						
 						WHERE
-							tbl_pruefling.pruefling_id='".addslashes($pruefling->pruefling_id)."'
+							tbl_pruefling.pruefling_id=".$db->db_add_param($pruefling->pruefling_id)."
 						ORDER BY sprache DESC";
 				echo $p->t('testtool/spracheDerTestfragen').':';
 				if($result = $db->db_query($qry))
@@ -346,9 +346,10 @@ if(isset($_POST['save']) && isset($_SESSION['prestudent_id']))
 	}
 	else
 	{
+		$prestudent_id_dummy_student = (defined('PRESTUDENT_ID_DUMMY_STUDENT')?PRESTUDENT_ID_DUMMY_STUDENT:'');
 		echo '<form method="post">
 				<SELECT name="prestudent">';
-		echo '<OPTION value="'.PRESTUDENT_ID_DUMMY_STUDENT.'">'.$p->t('testtool/nameAuswaehlen').'</OPTION>\n';
+		echo '<OPTION value="'.$prestudent_id_dummy_student.'">'.$p->t('testtool/nameAuswaehlen').'</OPTION>\n';
 		foreach($ps->result as $prestd)
 		{
 			$stg = new studiengang();
diff --git a/cis/testtool/menu.php b/cis/testtool/menu.php
index 60f6ccd8c..e79221e4b 100644
--- a/cis/testtool/menu.php
+++ b/cis/testtool/menu.php
@@ -88,7 +88,7 @@ session_start();
 if (isset($_SESSION['pruefling_id']))
 {
 	//content_id fuer Einfuehrung auslesen
-	$qry = "SELECT content_id FROM testtool.tbl_ablauf_vorgaben WHERE studiengang_kz='".addslashes($_SESSION['studiengang_kz'])."' LIMIT 1";
+	$qry = "SELECT content_id FROM testtool.tbl_ablauf_vorgaben WHERE studiengang_kz=".$db->db_add_param($_SESSION['studiengang_kz'])." LIMIT 1";
 	$result = $db->db_query($qry);
 	
 	echo '<table width="100%"  border="0" cellspacing="0" cellpadding="0" style="border-right-width:1px;border-right-color:#BCBCBC;">';
@@ -96,11 +96,12 @@ if (isset($_SESSION['pruefling_id']))
 			<a href="login.php" target="content">'.$p->t('testtool/startseite').'</a>
 		</td></tr>';
 	if ($content_id = $db->db_fetch_object($result))
-		echo '<tr><td style="padding-left: 20px;"><a href="../../cms/content.php?content_id='.$content_id->content_id.'&sprache='.$sprache.'" target="content">'.$p->t('testtool/einleitung').'</a></td></tr>';
+		if($content_id->content_id!='')
+			echo '<tr><td style="padding-left: 20px;"><a href="../../cms/content.php?content_id='.$content_id->content_id.'&sprache='.$sprache.'" target="content">'.$p->t('testtool/einleitung').'</a></td></tr>';	
 	echo '<tr><td>&nbsp;</td></tr>';
 	echo '<tr><td style="padding-left: 20px;" nowrap>';
 	  	
-	$qry = "SELECT * FROM testtool.vw_ablauf WHERE studiengang_kz='".addslashes($_SESSION['studiengang_kz'])."' ORDER BY semester,reihung";
+	$qry = "SELECT * FROM testtool.vw_ablauf WHERE studiengang_kz=".$db->db_add_param($_SESSION['studiengang_kz'])." ORDER BY semester,reihung";
 	
 	$result = $db->db_query($qry);
 	$lastsemester = '';
@@ -126,9 +127,9 @@ if (isset($_SESSION['pruefling_id']))
 			//Status der Gebiete Pruefen
 			$gebiet->load($row->gebiet_id);
 			
-			$qry = "SELECT extract('epoch' from '$gebiet->zeit'-(now()-min(begintime))) as time
+			$qry = "SELECT extract('epoch' from '".$gebiet->zeit."'-(now()-min(begintime))) as time
 					FROM testtool.tbl_pruefling_frage JOIN testtool.tbl_frage USING(frage_id) 
-					WHERE gebiet_id='".addslashes($row->gebiet_id)."' AND pruefling_id='".addslashes($_SESSION['pruefling_id'])."'";
+					WHERE gebiet_id=".$db->db_add_param($row->gebiet_id)." AND pruefling_id=".$db->db_add_param($_SESSION['pruefling_id']);
 			if($result_time = $db->db_query($qry))
 			{
 				if($row_time = $db->db_fetch_object($result_time))
@@ -180,7 +181,6 @@ if (isset($_SESSION['pruefling_id']))
 		else 
 		{
 			echo '<tr>
-						<td width="10" nowrap>&nbsp;</td>
 				   		<td nowrap>
 				   			<span class="error"><img src="../../skin/images/menu_item.gif" width="7" height="9">&nbsp;'.$row->gebiet_bez.' (invalid)</span>
 				   		</td>
diff --git a/cis/testtool/topbar.php b/cis/testtool/topbar.php
index d6a29dad2..87baebeec 100644
--- a/cis/testtool/topbar.php
+++ b/cis/testtool/topbar.php
@@ -102,7 +102,7 @@ function changeSprache(sprache)
 echo '	<table style="background-image: url(../../skin/images/header_testtool.png); background-repeat: repeat-x;" width="100%" height="100%" cellspacing="0" cellpadding="0">
 		<tr>
     		<td valign="top" align="left">
-    			<a href="index.html" target="_top"><img class="header_logo" style="height:70%; left: 16px; top: 10%;" src="../../skin/styles/'.EXT_FKT_PATH.'/logo_klein.png" alt="logo"></a>
+    			<a href="index.html" target="_top"><img class="header_logo" style="height:70%; left: 16px; top: 10%;" src="../../skin/styles/'.DEFAULT_STYLE.'/logo_klein.png" alt="logo"></a>
     		</td>
     		<td align="right">
     		<select style="text-align: left; color: #0086CC; border: 1;" name="select">';
diff --git a/cms/menu/menu_addon_lehrveranstaltungen.inc.php b/cms/menu/menu_addon_lehrveranstaltungen.inc.php
index c39c6c4b1..f87ca1c62 100755
--- a/cms/menu/menu_addon_lehrveranstaltungen.inc.php
+++ b/cms/menu/menu_addon_lehrveranstaltungen.inc.php
@@ -209,4 +209,4 @@ class menu_addon_lehrveranstaltungen extends menu_addon
 }
 
 new menu_addon_lehrveranstaltungen();
-?>
\ No newline at end of file
+?>
diff --git a/cms/menu/menu_addon_test.inc.php b/cms/menu/menu_addon_test.inc.php
index 07e561213..c2cd4c74f 100755
--- a/cms/menu/menu_addon_test.inc.php
+++ b/cms/menu/menu_addon_test.inc.php
@@ -57,7 +57,7 @@ class menu_addon_test extends menu_addon
 			</form>
 			';
 		if(isset($_POST['stg_kz']))
-			$this->block.='KZ:'.$_POST['stg_kz'];
+			$this->block.='KZ:'.$this->convert_html_chars($_POST['stg_kz']);
 			
 		
 		$this->output();
@@ -65,4 +65,4 @@ class menu_addon_test extends menu_addon
 }
 
 new menu_addon_test();
-?>
\ No newline at end of file
+?>
diff --git a/content/createAusbildungsvertrag.php b/content/createAusbildungsvertrag.php
index 6b93f70a7..f1cd5dffc 100755
--- a/content/createAusbildungsvertrag.php
+++ b/content/createAusbildungsvertrag.php
@@ -64,7 +64,7 @@ else
 			else 
 				$uids = $_GET['uid'];
 
-			$qry = "SELECT student_uid, studiengang_kz FROM public.tbl_student WHERE student_uid='".addslashes($uids[1])."'";
+			$qry = "SELECT student_uid, studiengang_kz FROM public.tbl_student WHERE student_uid=".$db->db_add_param($uids[1]);
 			if($result_std = $db->db_query($qry))
 				if($db->db_num_rows($result_std)==1)
 				{
@@ -207,6 +207,7 @@ if (!isset($_REQUEST["archive"]))
 			fclose($handle);
 
 			unlink('content.xml');
+			unlink('styles.xml');
 			unlink($tempname_zip);
             if($output=='pdf')
                 unlink($tempPdfName);
diff --git a/content/fasDBDML.php b/content/fasDBDML.php
index 436eef27b..0e5ad4f5a 100644
--- a/content/fasDBDML.php
+++ b/content/fasDBDML.php
@@ -112,7 +112,8 @@ if(!$error)
 			{
 				if(is_numeric($_POST['plz']) && $_POST['plz']<32000)
 				{
-					$qry = "SELECT * FROM bis.tbl_gemeinde WHERE lower(name)=lower('".addslashes($_POST['gemeinde'])."') AND plz='".addslashes($_POST['plz'])."'";
+					$qry = "SELECT * FROM bis.tbl_gemeinde WHERE lower(name)=lower(".$db->db_add_param($_POST['gemeinde']).") 
+							AND plz=".$db->db_add_param($_POST['plz']);
 					if($db->db_query($qry))
 					{
 						if($row = $db->db_fetch_object())
diff --git a/content/lvplanung/lehrveranstaltungDBDML.php b/content/lvplanung/lehrveranstaltungDBDML.php
index 4bdc14abc..30494298f 100644
--- a/content/lvplanung/lehrveranstaltungDBDML.php
+++ b/content/lvplanung/lehrveranstaltungDBDML.php
@@ -1197,8 +1197,7 @@ if(!$error)
 		$data = '';
 	}
 }
-?>
-<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+echo '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <RDF:RDF
 	xmlns:RDF="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
 	xmlns:NC="http://home.netscape.com/NC-rdf#"
@@ -1207,10 +1206,12 @@ if(!$error)
   <RDF:Seq RDF:about="http://www.technikum-wien.at/dbdml/msg">
 	<RDF:li>
     	<RDF:Description RDF:about="http://www.technikum-wien.at/dbdml/0" >
-    		<DBDML:return><?php echo ($return?'true':'false'); ?></DBDML:return>
-        	<DBDML:errormsg><![CDATA[<?php echo $errormsg; ?>]]></DBDML:errormsg>
-        	<DBDML:data><![CDATA[<?php echo $data ?>]]></DBDML:data>
+    		<DBDML:return>'.($return?'true':'false').'</DBDML:return>
+        	<DBDML:errormsg><![CDATA['.$errormsg.']]></DBDML:errormsg>
+        	<DBDML:data><![CDATA['.$data.']]></DBDML:data>
         </RDF:Description>
 	</RDF:li>
   </RDF:Seq>
 </RDF:RDF>
+';
+?>
diff --git a/content/projektbeschreibung.php b/content/projektbeschreibung.php
index e41d94c5f..1f020255b 100755
--- a/content/projektbeschreibung.php
+++ b/content/projektbeschreibung.php
@@ -159,6 +159,9 @@ if(mb_strstr($vorlage->mimetype, 'application/vnd.oasis.opendocument'))
         fclose($handle);
 
         unlink('content.xml');
+		unlink('styles.xml');
+		unlink('Pictures/20000001000071B00000242C6CF7933F.svg');
+		rmdir('Pictures');
         unlink($tempname_zip);
         if($output=='pdf')
             unlink($tempPdfName);
diff --git a/content/statistik/bama_studentenstrom.svg.php b/content/statistik/bama_studentenstrom.svg.php
index a6e89ebd5..6d04b537f 100644
--- a/content/statistik/bama_studentenstrom.svg.php
+++ b/content/statistik/bama_studentenstrom.svg.php
@@ -55,7 +55,7 @@ if(trim($typ)=="m")
 			AND public.tbl_person.person_id IN(SELECT public.tbl_person.person_id FROM public.tbl_person 
 			JOIN public.tbl_prestudent ON(public.tbl_person.person_id=public.tbl_prestudent.person_id) 
 			JOIN public.tbl_prestudentstatus ON(public.tbl_prestudent.prestudent_id=public.tbl_prestudentstatus.prestudent_id) 
-			WHERE studiengang_kz=".$studiengang_kz."  
+			WHERE studiengang_kz=".$db->db_add_param($studiengang_kz)."  
 			AND studiensemester_kurzbz='WS".(substr(trim($stsem),-4)-$i)."' 
 			AND status_kurzbz='Student' 
 			AND ausbildungssemester='1') 
@@ -74,7 +74,7 @@ if(trim($typ)=="m")
 		$qry_anzahl="SELECT count(*) as anzahl FROM public.tbl_person 
 		JOIN public.tbl_prestudent ON(public.tbl_person.person_id=public.tbl_prestudent.person_id) 
 		JOIN public.tbl_prestudentstatus ON(public.tbl_prestudent.prestudent_id=public.tbl_prestudentstatus.prestudent_id) 
-		WHERE studiengang_kz=".$studiengang_kz."  
+		WHERE studiengang_kz=".$db->db_add_param($studiengang_kz)."  
 			AND studiensemester_kurzbz='WS".(substr(trim($stsem),-4)-$i)."' 
 			AND status_kurzbz='Student' 
 			AND ausbildungssemester='1'";
@@ -122,7 +122,7 @@ if(trim($typ)=="b")
 			AND public.tbl_person.person_id IN(SELECT public.tbl_person.person_id FROM public.tbl_person 
 			JOIN public.tbl_prestudent ON(public.tbl_person.person_id=public.tbl_prestudent.person_id) 
 			JOIN public.tbl_prestudentstatus ON(public.tbl_prestudent.prestudent_id=public.tbl_prestudentstatus.prestudent_id) 
-			WHERE studiengang_kz='".$studiengang_kz."'  
+			WHERE studiengang_kz=".$db->db_add_param($studiengang_kz)."
 			AND status_kurzbz='Absolvent'
 			AND (studiensemester_kurzbz='WS".(substr(trim($stsem),-4)-$i)."' OR studiensemester_kurzbz='SS".(substr(trim($stsem),-4)-$i)."') )) as b 
 		GROUP BY studiengang_kz, typ, bezeichnung, kurzbz ORDER BY stgkurz";
@@ -140,7 +140,7 @@ if(trim($typ)=="b")
 		$qry_anzahl="SELECT count(*) as anzahl FROM public.tbl_person 
 			JOIN public.tbl_prestudent ON(public.tbl_person.person_id=public.tbl_prestudent.person_id) 
 			JOIN public.tbl_prestudentstatus ON(public.tbl_prestudent.prestudent_id=public.tbl_prestudentstatus.prestudent_id) 
-			WHERE studiengang_kz='".$studiengang_kz."' 
+			WHERE studiengang_kz=".$db->db_add_param($studiengang_kz)."
 			AND status_kurzbz='Absolvent'
 			AND (studiensemester_kurzbz='WS".(substr(trim($stsem),-4)-$i)."' OR studiensemester_kurzbz='SS".(substr(trim($stsem),-4)-$i)."')";
 		if($result_anzahl=$db->db_query($qry_anzahl))
@@ -188,4 +188,4 @@ if(trim($typ)=="b")
 		$graph->data[$status] = new ezcGraphArrayDataSet( $data );
 	} 
 	$graph->renderToOutput( 500, 500);
-?>
\ No newline at end of file
+?>
diff --git a/content/student/studentDBDML.php b/content/student/studentDBDML.php
index fb912619e..441625ade 100644
--- a/content/student/studentDBDML.php
+++ b/content/student/studentDBDML.php
@@ -402,9 +402,9 @@ if(!$error)
 								JOIN public.tbl_studiengang USING(studiengang_kz) 
 								LEFT JOIN public.tbl_reihungstest USING(reihungstest_id) 
 							WHERE 
-								person_id='".addslashes($prestudent->person_id)."' 
+								person_id=".$db->db_add_param($prestudent->person_id, FHC_INTEGER)." 
 								AND reihungstest_id is not null 
-								AND tbl_studiengang.typ='".$stg->typ."'";
+								AND tbl_studiengang.typ=".$db->db_add_param($stg->typ);
 					
 					if($result = $db->db_query($qry))
 					{
@@ -564,7 +564,7 @@ if(!$error)
 								//muss ein Bewerberstatus vorhanden sein
 								if($_POST['status_kurzbz']=='Aufgenommener' || $_POST['status_kurzbz']=='Wartender')
 								{
-									$qry = "SELECT * FROM public.tbl_prestudentstatus WHERE prestudent_id='".$prestudent_id."' AND status_kurzbz='Bewerber'";
+									$qry = "SELECT * FROM public.tbl_prestudentstatus WHERE prestudent_id=".$db->db_add_param($prestudent_id, FHC_INTEGER)." AND status_kurzbz='Bewerber'";
 									if($result_bw = $db->db_query($qry))
 									{
 										if($db->db_num_rows($result_bw)==0)
@@ -762,7 +762,7 @@ if(!$error)
 			}
 			else
 			{
-				$qry = "SELECT count(*) as anzahl FROM public.tbl_prestudentstatus WHERE prestudent_id='".$db->db_add_param($_POST['prestudent_id'], FHC_INTEGER)."'";
+				$qry = "SELECT count(*) as anzahl FROM public.tbl_prestudentstatus WHERE prestudent_id=".$db->db_add_param($_POST['prestudent_id'], FHC_INTEGER);
 				if($result = $db->db_query($qry))
 				{
 					if($row = $db->db_fetch_object($result))
@@ -818,7 +818,7 @@ if(!$error)
 						else
 						{
 							$return = false;
-							$errormsg = 'Sie haben keine Berechtigung zum Loeschen dieser Rolle:'.$_POST['studiengang_kz'];
+							$errormsg = 'Sie haben keine Berechtigung zum Loeschen dieser Rolle';
 						}
 					}
 					else
@@ -917,7 +917,7 @@ if(!$error)
 						if($_POST['status_kurzbz']=='Student')
 						{
 							//Die Rolle Student darf nur eingefuegt werden, wenn schon eine Studentenrolle vorhanden ist
-							$qry = "SELECT count(*) as anzahl FROM public.tbl_student WHERE prestudent_id='".addslashes($_POST['prestudent_id'])."'";
+							$qry = "SELECT count(*) as anzahl FROM public.tbl_student WHERE prestudent_id=".$db->db_add_param($_POST['prestudent_id'], FHC_INTEGER);
 							if($result = $db->db_query($qry))
 							{
 								if($row = $db->db_fetch_object($result))
@@ -1013,7 +1013,7 @@ if(!$error)
 						if($_POST['status_kurzbz']=='Student')
 						{
 							//Die Rolle Student darf nur eingefuegt werden, wenn schon eine Studentenrolle vorhanden ist
-							$qry = "SELECT count(*) as anzahl FROM public.tbl_student WHERE prestudent_id='".addslashes($_POST['prestudent_id'])."'";
+							$qry = "SELECT count(*) as anzahl FROM public.tbl_student WHERE prestudent_id=".$db->db_add_param($_POST['prestudent_id'], FHC_INTEGER);
 							if($result = $db->db_query($qry))
 							{
 								if($row = $db->db_fetch_object($result))
@@ -1189,7 +1189,7 @@ if(!$error)
 														
 														if(!defined('GENERATE_ALIAS_STUDENT') || GENERATE_ALIAS_STUDENT===true)
 														{
-															$qry_alias = "SELECT * FROM public.tbl_benutzer WHERE alias=LOWER('".$vorname_clean.".".$nachname_clean."')";
+															$qry_alias = "SELECT * FROM public.tbl_benutzer WHERE alias=LOWER(".$db->db_add_param($vorname_clean.".".$nachname_clean).")";
 															$result_alias = $db->db_query($qry_alias);
 															if($db->db_num_rows($result_alias)==0)
 																$benutzer->alias = $vorname_clean.'.'.$nachname_clean;
@@ -1541,7 +1541,7 @@ if(!$error)
 				{
 					if($uid!='')
 					{
-						$qry = "SELECT studiengang_kz FROM public.tbl_student WHERE student_uid='".addslashes($uid)."'";
+						$qry = "SELECT studiengang_kz FROM public.tbl_student WHERE student_uid=".$db->db_add_param($uid);
 						if($result = $db->db_query($qry))
 						{
 							if($row = $db->db_fetch_object($result))
@@ -1697,7 +1697,7 @@ if(!$error)
 						{
 							$error = true;
 							$return = false;
-							$errormsg = "\nSie haben keine Schreibrechte fuer diese Buchung: ".$buchung->buchungsnr;
+							$errormsg = "\nSie haben keine Schreibrechte fuer diese Buchung";
 						}
 						else
 						{
@@ -1733,7 +1733,7 @@ if(!$error)
 					}
 					else
 					{
-						$errormsg .= "\n".'Buchung wurde nicht gefunden:'.$_POST['buchungsnr'];
+						$errormsg .= "\n".'Buchung wurde nicht gefunden';
 						$return = false;
 					}
 				}
@@ -1750,7 +1750,7 @@ if(!$error)
 		else
 		{
 			$return = false;
-			$errormsg  = 'Fehlerhafte Parameteruebergabe'.$_POST['buchungsnr'];
+			$errormsg  = 'Fehlerhafte Parameteruebergabe';
 		}
 	}
 	elseif(isset($_POST['type']) && $_POST['type']=='deletebuchung')
@@ -1791,7 +1791,7 @@ if(!$error)
 		else
 		{
 			$return = false;
-			$errormsg  = 'Fehlerhafte Parameteruebergabe'.$_POST['buchungsnr'];
+			$errormsg  = 'Fehlerhafte Parameteruebergabe';
 		}
 	}
 	elseif(isset($_POST['type']) && $_POST['type']=='neuebuchung')
@@ -2202,8 +2202,8 @@ if(!$error)
 							$qry = "SELECT vorname, nachname, uid 
 									FROM public.vw_betriebsmittelperson 
 									WHERE betriebsmitteltyp='Zutrittskarte' AND 
-										nummer='".$_POST['nummer']."'::varchar AND 
-										person_id<>".$_POST['person_id']." AND
+										nummer='".$db->db_escape($_POST['nummer'])."'::varchar AND 
+										person_id<>".$db->db_add_param($_POST['person_id'], FHC_INTEGER)." AND
 										retouram is null";
 							if($result_bmp = $db->db_query($qry))
 							{
@@ -2381,7 +2381,7 @@ if(!$error)
 		if(isset($_POST['lehrveranstaltung_id']) && isset($_POST['student_uid']) && isset($_POST['studiensemester_kurzbz']))
 		{
 			//Berechtigung pruefen
-			$qry = "SELECT studiengang_kz FROM lehre.tbl_lehrveranstaltung WHERE lehrveranstaltung_id='".addslashes($_POST['lehrveranstaltung_id'])."'";
+			$qry = "SELECT studiengang_kz FROM lehre.tbl_lehrveranstaltung WHERE lehrveranstaltung_id=".$db->db_add_param($_POST['lehrveranstaltung_id'], FHC_INTEGER);
 			if($result = $db->db_query($qry))
 			{
 				if($row = $db->db_fetch_object($result))
@@ -2402,7 +2402,7 @@ if(!$error)
 				$errormsg = 'Fehler beim Ermitteln der LVA';
 			}
 
-			$qry = "SELECT studiengang_kz FROM public.tbl_student WHERE student_uid='".addslashes($_POST['student_uid'])."'";
+			$qry = "SELECT studiengang_kz FROM public.tbl_student WHERE student_uid=".$db->db_add_param($_POST['student_uid']);
 			if($result = $db->db_query($qry))
 			{
 				if($row = $db->db_fetch_object($result))
@@ -2486,7 +2486,7 @@ if(!$error)
 			$zeugnisnote = new zeugnisnote();
 
 			//Berechtigung pruefen
-			$qry = "SELECT studiengang_kz FROM lehre.tbl_lehrveranstaltung WHERE lehrveranstaltung_id='".addslashes($_POST['lehrveranstaltung_id_'.$i])."'";
+			$qry = "SELECT studiengang_kz FROM lehre.tbl_lehrveranstaltung WHERE lehrveranstaltung_id=".$db->db_add_param($_POST['lehrveranstaltung_id_'.$i], FHC_INTEGER);
 			if($result = $db->db_query($qry))
 			{
 				if($row = $db->db_fetch_object($result))
@@ -2507,7 +2507,7 @@ if(!$error)
 				$errormsg = 'Fehler beim Ermitteln der LVA';
 			}
 
-			$qry = "SELECT studiengang_kz FROM public.tbl_student WHERE student_uid='".addslashes($_POST['student_uid_'.$i])."'";
+			$qry = "SELECT studiengang_kz FROM public.tbl_student WHERE student_uid=".$db->db_add_param($_POST['student_uid_'.$i], FHC_INTEGER);
 			if($result = $db->db_query($qry))
 			{
 				if($row = $db->db_fetch_object($result))
@@ -2613,7 +2613,7 @@ if(!$error)
 
 				if(!$error)
 				{
-					$qry = "SELECT student_uid, studiengang_kz FROM public.tbl_student WHERE trim(matrikelnr)='".trim($_POST['matrikelnummer_'.$i])."'";
+					$qry = "SELECT student_uid, studiengang_kz FROM public.tbl_student WHERE trim(matrikelnr)=".$db->db_add_param(trim($_POST['matrikelnummer_'.$i]));
 					if($result = $db->db_query($qry))
 					{
 						if($row = $db->db_fetch_object($result))
@@ -2634,7 +2634,7 @@ if(!$error)
 					}
 
 					//Berechtigung pruefen
-					$qry = "SELECT studiengang_kz FROM lehre.tbl_lehrveranstaltung WHERE lehrveranstaltung_id='".addslashes($_POST['lehrveranstaltung_id'])."'";
+					$qry = "SELECT studiengang_kz FROM lehre.tbl_lehrveranstaltung WHERE lehrveranstaltung_id=".$db->db_add_param($_POST['lehrveranstaltung_id'], FHC_INTEGER);
 					if($result = $db->db_query($qry))
 					{
 						if($row = $db->db_fetch_object($result))
@@ -2720,7 +2720,7 @@ if(!$error)
 		if(isset($_POST['lehrveranstaltung_id']) && isset($_POST['student_uid']) && isset($_POST['studiensemester_kurzbz']))
 		{
 			//Berechtigung pruefen
-			$qry = "SELECT studiengang_kz FROM lehre.tbl_lehrveranstaltung WHERE lehrveranstaltung_id='".addslashes($_POST['lehrveranstaltung_id'])."'";
+			$qry = "SELECT studiengang_kz FROM lehre.tbl_lehrveranstaltung WHERE lehrveranstaltung_id=".$db->db_add_param($_POST['lehrveranstaltung_id'], FHC_INTEGER);
 			if($result = $db->db_query($qry))
 			{
 				if($row = $db->db_fetch_object($result))
@@ -2741,7 +2741,7 @@ if(!$error)
 				$errormsg = 'Fehler beim Ermitteln der LVA';
 			}
 
-			$qry = "SELECT studiengang_kz FROM public.tbl_student WHERE student_uid='".addslashes($_POST['student_uid'])."'";
+			$qry = "SELECT studiengang_kz FROM public.tbl_student WHERE student_uid=".$db->db_add_param($_POST['student_uid']);
 			if($result = $db->db_query($qry))
 			{
 				if($row = $db->db_fetch_object($result))
@@ -2864,16 +2864,16 @@ if(!$error)
 				//Wenn ein 2. Termin angelegt wird, und kein 1. Termin vorhanden ist,
 				//dann wird auch ein 1. Termin angelegt mit der derzeitigen Zeugnisnote
 				$qry = "SELECT * FROM lehre.tbl_pruefung WHERE
-						student_uid='".addslashes($_POST['student_uid'])."' AND
-						lehreinheit_id='".addslashes($_POST['lehreinheit_id'])."' AND
+						student_uid=".$db->db_add_param($_POST['student_uid'])." AND
+						lehreinheit_id=".$db->db_add_param($_POST['lehreinheit_id'], FHC_INTEGER)." AND
 						pruefungstyp_kurzbz='Termin1'";
 				if($result = $db->db_query($qry))
 				{
 					if($db->db_num_rows($result)==0)
 					{
 						$qry = "SELECT note, benotungsdatum FROM lehre.tbl_zeugnisnote JOIN lehre.tbl_lehreinheit USING(lehrveranstaltung_id) WHERE
-								student_uid='".addslashes($_POST['student_uid'])."' AND
-								tbl_lehreinheit.lehreinheit_id='".addslashes($_POST['lehreinheit_id'])."' AND
+								student_uid=".$db->db_add_param($_POST['student_uid'])." AND
+								tbl_lehreinheit.lehreinheit_id=".$db->db_add_param($_POST['lehreinheit_id'], FHC_INTEGER)." AND
 								tbl_lehreinheit.studiensemester_kurzbz = tbl_zeugnisnote.studiensemester_kurzbz";
 						if($result = $db->db_query($qry))
 						{
@@ -2931,7 +2931,8 @@ if(!$error)
 					$return = true;
 					$data = $pruefung->pruefung_id;
 					//Zeugnisnote aktualisieren
-					$qry = "SELECT lehrveranstaltung_id, studiensemester_kurzbz FROM lehre.tbl_lehreinheit WHERE lehreinheit_id='".addslashes($_POST['lehreinheit_id'])."'";
+					$qry = "SELECT lehrveranstaltung_id, studiensemester_kurzbz FROM lehre.tbl_lehreinheit 
+							WHERE lehreinheit_id=".$db->db_add_param($_POST['lehreinheit_id'], FHC_INTEGER);
 					if($result_le = $db->db_query($qry))
 					{
 						if($row_le = $db->db_fetch_object($result_le))
@@ -3212,7 +3213,9 @@ if(!$error)
 			{
 				$projektarbeit = new projektarbeit();
 
-				$qry = "SELECT count(*) as anzahl FROM lehre.tbl_projektbetreuer WHERE projektarbeit_id='".$_POST['projektarbeit_id']."'";
+				$qry = "SELECT count(*) as anzahl FROM lehre.tbl_projektbetreuer 
+					WHERE projektarbeit_id=".$db->db_add_param($_POST['projektarbeit_id'], FHC_INTEGER);
+
 				if($result = $db->db_query($qry))
 				{
 					if($row = $db->db_fetch_object($result))
@@ -3224,7 +3227,9 @@ if(!$error)
 						}
 						else
 						{
-							$qry = "SELECT count(*) as anzahl FROM campus.tbl_paabgabe WHERE projektarbeit_id='".$_POST['projektarbeit_id']."';";
+							$qry = "SELECT count(*) as anzahl FROM campus.tbl_paabgabe 
+									WHERE projektarbeit_id=".$db->db_add_param($_POST['projektarbeit_id'], FHC_INTEGER).";";
+
 							if($result = $db->db_query($qry))
 							{
 								if($row = $db->db_fetch_object($result))
@@ -3378,7 +3383,8 @@ if(!$error)
 			{
 				if(is_numeric($person_id))
 				{
-					$qry = "SELECT kontakt FROM public.tbl_kontakt WHERE kontakttyp='email' AND person_id='$person_id' AND zustellung=true LIMIT 1";
+					$qry = "SELECT kontakt FROM public.tbl_kontakt WHERE kontakttyp='email' 
+						AND person_id=".$db->db_add_param($person_id, FHC_INTEGER)." AND zustellung=true LIMIT 1";
 					if($result = $db->db_query($qry))
 					{
 						if($row = $db->db_fetch_object($result))
@@ -3431,7 +3437,8 @@ if(!$error)
 	{
 		if(isset($_POST['person_id']))
 		{
-			$qry = "SELECT stundensatz FROM public.tbl_mitarbeiter JOIN public.tbl_benutzer ON(uid=mitarbeiter_uid) WHERE person_id='".addslashes($_POST['person_id'])."'";
+			$qry = "SELECT stundensatz FROM public.tbl_mitarbeiter JOIN public.tbl_benutzer ON(uid=mitarbeiter_uid) 
+					WHERE person_id=".$db->db_add_param($_POST['person_id'], FHC_INTEGER);
 			if($result = $db->db_query($qry))
 			{
 				if($row = $db->db_fetch_object($result))
@@ -3455,7 +3462,7 @@ if(!$error)
 	else
 	{
 		$return = false;
-		$errormsg = 'Unkown type: "'.$_POST['type'].'"';
+		$errormsg = 'Unkown type: "'.$db->convert_html_chars($_POST['type']).'"';
 		$data = '';
 	}
 }
diff --git a/content/tempusDBDML.php b/content/tempusDBDML.php
index a07db0ee0..3772fde1f 100644
--- a/content/tempusDBDML.php
+++ b/content/tempusDBDML.php
@@ -285,8 +285,8 @@ if(!$error)
 		$data = '';
 	}
 }
-?>
-<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+
+echo '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <RDF:RDF
 	xmlns:RDF="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
 	xmlns:NC="http://home.netscape.com/NC-rdf#"
@@ -295,10 +295,12 @@ if(!$error)
   <RDF:Seq RDF:about="http://www.technikum-wien.at/dbdml/msg">
 	<RDF:li>
     	<RDF:Description RDF:about="http://www.technikum-wien.at/dbdml/0" >
-    		<DBDML:return><?php echo ($return?'true':'false'); ?></DBDML:return>
-        	<DBDML:errormsg><![CDATA[<?php echo $errormsg; ?>]]></DBDML:errormsg>
-        	<DBDML:data><![CDATA[<?php echo $data ?>]]></DBDML:data>
+    		<DBDML:return>'.($return?'true':'false').'</DBDML:return>
+        	<DBDML:errormsg><![CDATA['.$errormsg.']]></DBDML:errormsg>
+        	<DBDML:data><![CDATA['.$data.']]></DBDML:data>
         </RDF:Description>
 	</RDF:li>
   </RDF:Seq>
 </RDF:RDF>
+';
+?>
diff --git a/include/appdaten.class.php b/include/appdaten.class.php
index b8889fdf3..e025866bd 100644
--- a/include/appdaten.class.php
+++ b/include/appdaten.class.php
@@ -219,7 +219,8 @@ class appdaten extends basis_db
 	 * @param type $target
 	 * @param type $row
 	 */
-	private function mapRow($target,$row) {		
+	private function mapRow($target,$row) 
+	{		
 		$target->appdaten_id=$row->appdaten_id;
 		$target->uid=$row->uid;
 		$target->app=$row->app;
diff --git a/include/benutzer.class.php b/include/benutzer.class.php
index 2b660db18..2a3f7f2e0 100644
--- a/include/benutzer.class.php
+++ b/include/benutzer.class.php
@@ -92,7 +92,7 @@ class benutzer extends person
 		}
 		if($this->uid == '')
 		{
-			$this->errormsg = 'UID muss eingegeben werden '.$this->uid;
+			$this->errormsg = 'UID muss eingegeben werden';
 			return false;
 		}
 		if(mb_strlen($this->alias)>256)
@@ -199,7 +199,7 @@ class benutzer extends person
 		}
 		else 
 		{	
-			$this->errormsg = 'Fehler beim Speichern des Benutzer-Datensatzes:'.$qry;
+			$this->errormsg = 'Fehler beim Speichern des Benutzer-Datensatzes';
 			return false;
 		}
 	}
@@ -326,10 +326,10 @@ class benutzer extends person
 				elseif($aktiv==false)
 					$qry.=" tbl_benutzer.aktiv=false AND (";
 		
-		$qry.=" lower(vorname || ' ' || nachname) like lower('%".addslashes(implode(' ',$searchItems))."%')"; 
-		$qry.=" OR lower(nachname || ' ' || vorname) like lower('%".addslashes(implode(' ',$searchItems))."%')";
-		$qry.=" OR lower(uid) like lower('%".addslashes(implode(' ',$searchItems))."%')";
-		$qry.=" OR lower(telefonklappe) like lower('%".addslashes(implode(' ',$searchItems))."%')";
+		$qry.=" lower(vorname || ' ' || nachname) like lower('%".$this->db_escape(implode(' ',$searchItems))."%')"; 
+		$qry.=" OR lower(nachname || ' ' || vorname) like lower('%".$this->db_escape(implode(' ',$searchItems))."%')";
+		$qry.=" OR lower(uid) like lower('%".$this->db_escape(implode(' ',$searchItems))."%')";
+		$qry.=" OR lower(telefonklappe) like lower('%".$this->db_escape(implode(' ',$searchItems))."%')";
 		
 		foreach($searchItems as $value)
 		{
diff --git a/include/benutzerberechtigung.class.php b/include/benutzerberechtigung.class.php
index d4ff04017..10dad94d7 100644
--- a/include/benutzerberechtigung.class.php
+++ b/include/benutzerberechtigung.class.php
@@ -602,7 +602,7 @@ class benutzerberechtigung extends basis_db
 					{
 						$childoes = $oe->getChilds($b->oe_kurzbz);
 						foreach($childoes as $row)
-							$not .="'".addslashes($row)."',";
+							$not .="'".$this->db_escape($row)."',";
 					}
 					else 
 						return array();
@@ -613,7 +613,7 @@ class benutzerberechtigung extends basis_db
 					{
 						$childoes = $oe->getChilds($b->oe_kurzbz);
 						foreach($childoes as $row)
-							$in .= "'".addslashes($row)."',"; 
+							$in .= "'".$this->db_escape($row)."',"; 
 					}
 					else 
 					{
diff --git a/include/benutzerfunktion.class.php b/include/benutzerfunktion.class.php
index 5bd0a3ffb..71acc4e3e 100644
--- a/include/benutzerfunktion.class.php
+++ b/include/benutzerfunktion.class.php
@@ -118,7 +118,7 @@ class benutzerfunktion extends basis_db
 		}
 		else
 		{
-			$this->errormsg = 'Fehler beim Laden der Bentuzerfunktionen';
+			$this->errormsg = 'Fehler beim Laden der Benutzerfunktionen';
 			return false;
 		}
 	}
@@ -164,7 +164,7 @@ class benutzerfunktion extends basis_db
 		}
 		else
 		{
-			$this->errormsg = 'Fehler beim Laden der Bentuzerfunktionen';
+			$this->errormsg = 'Fehler beim Laden der Benutzerfunktionen';
 			return false;
 		}
 	}
@@ -219,7 +219,7 @@ class benutzerfunktion extends basis_db
 		}
 		else
 		{
-			$this->errormsg = 'Fehler beim Laden der Bentuzerfunktionen';
+			$this->errormsg = 'Fehler beim Laden der Benutzerfunktionen';
 			return false;
 		}
 	}
@@ -395,7 +395,7 @@ class benutzerfunktion extends basis_db
 		}
 		else
 		{
-			$this->errormsg = 'Fehler beim Speichern des Datensatzes - '.$this->db_last_error();
+			$this->errormsg = 'Fehler beim Speichern des Datensatzes';
 			return false;
 		}
 	}
@@ -454,7 +454,7 @@ class benutzerfunktion extends basis_db
 	    }
 	    else
 	    {
-		$this->errormsg = 'Fehler beim Laden der Bentuzerfunktionen';
+		$this->errormsg = 'Fehler beim Laden der Benutzerfunktionen';
 		return false;
 	    }
 	}
diff --git a/include/berechtigung.class.php b/include/berechtigung.class.php
index 25808bd22..6cdafcc50 100644
--- a/include/berechtigung.class.php
+++ b/include/berechtigung.class.php
@@ -46,7 +46,7 @@ class berechtigung extends basis_db
 	 */
 	public function load($berechtigung_kurzbz)
 	{
-		$qry = "SELECT * FROM system.tbl_berechtigung WHERE berechtigung_kurzbz='".addslashes($berechtigung_kurzbz)."'";
+		$qry = "SELECT * FROM system.tbl_berechtigung WHERE berechtigung_kurzbz=".$this->db_add_param($berechtigung_kurzbz);
 		
 		if($result = $this->db_query($qry))
 		{
@@ -81,14 +81,14 @@ class berechtigung extends basis_db
 		if($new)
 		{
 			$qry = "INSERT INTO system.tbl_berechtigung(berechtigung_kurzbz, beschreibung) VALUES(".
-					$this->addslashes($this->berechtigung_kurzbz).','.
-					$this->addslashes($this->beschreibung).');';
+					$this->db_add_param($this->berechtigung_kurzbz).','.
+					$this->db_add_param($this->beschreibung).');';
 		}
 		else 
 		{
 			$qry = 'UPDATE system.tbl_berechtigung 
-					SET beschreibung='.$this->addslashes($this->beschreibung).'
-					WHERE berechtigung_kurzbz='.$this->addslashes($this->berechtigung_kurzbz).';';
+					SET beschreibung='.$this->db_add_param($this->beschreibung).'
+					WHERE berechtigung_kurzbz='.$this->db_add_param($this->berechtigung_kurzbz).';';
 		}
 		
 		if($this->db_query($qry))
@@ -138,7 +138,7 @@ class berechtigung extends basis_db
 	public function getRolleBerechtigung($rolle_kurzbz)
 	{
 		$qry = "SELECT * FROM system.tbl_rolleberechtigung JOIN system.tbl_berechtigung USING(berechtigung_kurzbz)
-				WHERE rolle_kurzbz='".addslashes($rolle_kurzbz)."' ORDER BY berechtigung_kurzbz, beschreibung";
+				WHERE rolle_kurzbz=".$this->db_add_param($rolle_kurzbz)." ORDER BY berechtigung_kurzbz, beschreibung";
 		
 		if($this->db_query($qry))
 		{
@@ -200,7 +200,7 @@ class berechtigung extends basis_db
 	 */
 	public function deleteRolleBerechtigung($rolle_kurzbz, $berechtigung_kurzbz)
 	{
-		$qry = "DELETE FROM system.tbl_rolleberechtigung WHERE rolle_kurzbz='".addslashes($rolle_kurzbz)."' AND berechtigung_kurzbz='".addslashes($berechtigung_kurzbz)."';";
+		$qry = "DELETE FROM system.tbl_rolleberechtigung WHERE rolle_kurzbz=".$this->db_add_param($rolle_kurzbz)." AND berechtigung_kurzbz=".$this->db_add_param($berechtigung_kurzbz).";";
 		
 		if($this->db_query($qry))
 		{
@@ -220,9 +220,9 @@ class berechtigung extends basis_db
 	 */
 	public function deleteRolle($rolle_kurzbz)
 	{
-		$qry = "DELETE FROM system.tbl_rolleberechtigung WHERE rolle_kurzbz='".addslashes($rolle_kurzbz)."';
-				DELETE FROM system.tbl_benutzerrolle WHERE rolle_kurzbz='".addslashes($rolle_kurzbz)."';
-				DELETE FROM system.tbl_rolle WHERE rolle_kurzbz='".addslashes($rolle_kurzbz)."';";
+		$qry = "DELETE FROM system.tbl_rolleberechtigung WHERE rolle_kurzbz=".$this->db_add_param($rolle_kurzbz).";
+				DELETE FROM system.tbl_benutzerrolle WHERE rolle_kurzbz=".$this->db_add_param($rolle_kurzbz).";
+				DELETE FROM system.tbl_rolle WHERE rolle_kurzbz=".$this->db_add_param($rolle_kurzbz).";";
 		
 		if($this->db_query($qry))
 		{
@@ -242,23 +242,23 @@ class berechtigung extends basis_db
 	public function saveRolleBerechtigung()
 	{
 		$qry = "SELECT 1 FROM system.tbl_rolleberechtigung 
-				WHERE rolle_kurzbz='".addslashes($this->rolle_kurzbz)."'
-				AND berechtigung_kurzbz='".addslashes($this->berechtigung_kurzbz)."'";
+				WHERE rolle_kurzbz=".$this->db_add_param($this->rolle_kurzbz)."
+				AND berechtigung_kurzbz=".$this->db_add_param($this->berechtigung_kurzbz);
 		
 		if($this->db_query($qry))
 		{
 			if($this->db_num_rows()>0)
 			{
 				//Update
-				$qry = "UPDATE system.tbl_rolleberechtigung SET art='".addslashes($this->art)."' WHERE rolle_kurzbz='".addslashes($this->rolle_kurzbz)."' AND berechtigung_kurzbz='".addslashes($this->berechtigung_kurzbz)."';";
+				$qry = "UPDATE system.tbl_rolleberechtigung SET art=".$this->db_add_param($this->art)." WHERE rolle_kurzbz=".$this->db_add_param($this->rolle_kurzbz)." AND berechtigung_kurzbz=".$this->db_add_param($this->berechtigung_kurzbz).";";
 			}
 			else 
 			{
 				//Insert
-				$qry = "INSERT INTO system.tbl_rolleberechtigung (rolle_kurzbz, berechtigung_kurzbz, art) VALUES('".
-						addslashes($this->rolle_kurzbz)."','".
-						addslashes($this->berechtigung_kurzbz)."','".
-						addslashes($this->art)."');";
+				$qry = "INSERT INTO system.tbl_rolleberechtigung (rolle_kurzbz, berechtigung_kurzbz, art) VALUES(".
+						$this->db_add_param($this->rolle_kurzbz).",".
+						$this->db_add_param($this->berechtigung_kurzbz).",".
+						$this->db_add_param($this->art).");";
 			}
 			
 			if($this->db_query($qry))
@@ -290,14 +290,14 @@ class berechtigung extends basis_db
 		if($new)
 		{
 			$qry = "INSERT INTO system.tbl_rolle(rolle_kurzbz, beschreibung) VALUES(".
-					$this->addslashes($this->rolle_kurzbz).','.
-					$this->addslashes($this->beschreibung).');';
+					$this->db_add_param($this->rolle_kurzbz).','.
+					$this->db_add_param($this->beschreibung).');';
 		}
 		else 
 		{
 			$qry = 'UPDATE system.tbl_rolle 
-					SET beschreibung='.$this->addslashes($this->beschreibung).'
-					WHERE rolle_kurzbz='.$this->addslashes($this->rolle_kurzbz).';';
+					SET beschreibung='.$this->db_add_param($this->beschreibung).'
+					WHERE rolle_kurzbz='.$this->db_add_param($this->rolle_kurzbz).';';
 		}
 		
 		if($this->db_query($qry))
@@ -311,4 +311,4 @@ class berechtigung extends basis_db
 		}
 	}
 }
-?>
\ No newline at end of file
+?>
diff --git a/include/betriebsmittel_betriebsmittelstatus.class.php b/include/betriebsmittel_betriebsmittelstatus.class.php
index f73ae85d0..fa259df03 100644
--- a/include/betriebsmittel_betriebsmittelstatus.class.php
+++ b/include/betriebsmittel_betriebsmittelstatus.class.php
@@ -66,7 +66,7 @@ class betriebsmittel_betriebsmittelstatus extends basis_db
 		$this->errormsg='';
 		
 		$qry='SELECT * FROM wawi.tbl_betriebsmittel_betriebsmittelstatus
-			WHERE betriebsmittelbetriebsmittelstatus_id='.$this->addslashes(trim($betriebsmittelbetriebsmittelstatus_id));
+			WHERE betriebsmittelbetriebsmittelstatus_id='.$this->db_add_param(trim($betriebsmittelbetriebsmittelstatus_id), FHC_INTEGER);
 
 		if($this->db_query($qry))
 		{
@@ -91,7 +91,7 @@ class betriebsmittel_betriebsmittelstatus extends basis_db
 		}
 		else 
 		{
-			$this->errormsg = 'Fehler beim Laden der Daten '.($this->debug?$this->db_last_error()."<br />$qry<br />":'');
+			$this->errormsg = 'Fehler beim Laden der Daten';
 			return false;
 		}
 	}
@@ -113,10 +113,10 @@ class betriebsmittel_betriebsmittelstatus extends basis_db
 		}
 		
 		$qry='SELECT * FROM wawi.tbl_betriebsmittel_betriebsmittelstatus
-			WHERE betriebsmittel_id='.$this->addslashes(trim($betriebsmittel_id));
+			WHERE betriebsmittel_id='.$this->db_add_param(trim($betriebsmittel_id), FHC_INTEGER);
 		
 		if (!is_null($betriebsmittelstatus_kurzbz) && !empty($betriebsmittelstatus_kurzbz))
-			$qry.=" and trim(betriebsmittelstatus_kurzbz)=".$this->addslashes(trim($betriebsmittelstatus_kurzbz)) ;
+			$qry.=" and trim(betriebsmittelstatus_kurzbz)=".$this->db_add_param(trim($betriebsmittelstatus_kurzbz)) ;
 		
 		// Sortierung
 		$qry.=' ORDER BY datum desc,updateamum desc,insertamum desc';
@@ -142,7 +142,7 @@ class betriebsmittel_betriebsmittelstatus extends basis_db
 		}
 		else 
 		{
-			$this->errormsg = 'Fehler beim Laden der Daten '.($this->debug?$this->db_last_error()."<br />$qry<br />":'');
+			$this->errormsg = 'Fehler beim Laden der Daten';
 			return false;
 		}
 	}
@@ -166,7 +166,7 @@ class betriebsmittel_betriebsmittelstatus extends basis_db
 		}
 		
 		$qry=' SELECT * FROM wawi.tbl_betriebsmittel_betriebsmittelstatus
-			WHERE betriebsmittel_id='.$this->addslashes(trim($this->betriebsmittel_id)).'
+			WHERE betriebsmittel_id='.$this->db_add_param(trim($this->betriebsmittel_id), FHC_INTEGER).'
 			ORDER BY betriebsmittelbetriebsmittelstatus_id DESC LIMIT 1';
 		
 		if($this->db_query($qry))
@@ -192,7 +192,7 @@ class betriebsmittel_betriebsmittelstatus extends basis_db
 		}
 		else 
 		{
-			$this->errormsg = 'Fehler beim Laden der Daten '.($this->debug?$this->db_last_error()."<br />$qry<br />":'');
+			$this->errormsg = 'Fehler beim Laden der Daten';
 			return false;
 		}
 	}
@@ -229,7 +229,7 @@ class betriebsmittel_betriebsmittelstatus extends basis_db
 		}
 		else 
 		{
-			$this->errormsg = 'Fehler beim Laden der Daten '.($this->debug?$this->db_last_error()."<br />$qry<br />":'');
+			$this->errormsg = 'Fehler beim Laden der Daten';
 			return false;
 		}
 	}
@@ -253,25 +253,25 @@ class betriebsmittel_betriebsmittelstatus extends basis_db
 			$this->betriebsmittelbetriebsmittelstatus_id='';
 			$qry='BEGIN;INSERT INTO wawi.tbl_betriebsmittel_betriebsmittelstatus 
 			(betriebsmittel_id,betriebsmittelstatus_kurzbz,anmerkung,datum,insertamum,insertvon,updateamum,updatevon ) VALUES('.
-						$this->addslashes($this->betriebsmittel_id).','.
-						$this->addslashes($this->betriebsmittelstatus_kurzbz).','.
-						$this->addslashes($this->anmerkung).','.
-						($this->datum?$this->addslashes($this->datum):'now()').', '.
-					    ($this->insertamum?$this->addslashes($this->insertamum):'now()').', '.
-					    $this->addslashes($this->insertvon).', '.
-			    		($this->updateamum?$this->addslashes($this->updateamum):'now()').', '.
-					     $this->addslashes((empty($this->updatevon)?$this->updatevon:$this->insertvon))	.'); ';
+						$this->db_add_param($this->betriebsmittel_id, FHC_INTEGER).','.
+						$this->db_add_param($this->betriebsmittelstatus_kurzbz).','.
+						$this->db_add_param($this->anmerkung).','.
+						($this->datum?$this->db_add_param($this->datum):'now()').', '.
+					    ($this->insertamum?$this->db_add_param($this->insertamum):'now()').', '.
+					    $this->db_add_param($this->insertvon).', '.
+			    		($this->updateamum?$this->db_add_param($this->updateamum):'now()').', '.
+					     $this->db_add_param((empty($this->updatevon)?$this->updatevon:$this->insertvon))	.'); ';
 		}
 		else 
 		{
 			$qry='UPDATE wawi.tbl_betriebsmittel_betriebsmittelstatus SET '.
-					"betriebsmittel_id =".$this->addslashes($this->betriebsmittel_id).', '.
-					"betriebsmittelstatus_kurzbz =".$this->addslashes($this->betriebsmittelstatus_kurzbz).', '.
-					"anmerkung =".$this->addslashes($this->anmerkung).', '.					
-					"datum =".($this->datum?$this->addslashes($this->datum):'now()').', '.
-					"updateamum =".($this->updateamum?$this->addslashes($this->updateamum):'now()').', '.
-					"updatevon =".$this->addslashes((empty($this->updatevon)?$this->updatevon:$this->insertvon)).' '.
-					" WHERE betriebsmittelbetriebsmittelstatus_id=".$this->addslashes($this->betriebsmittelbetriebsmittelstatus_id);
+					"betriebsmittel_id =".$this->db_add_param($this->betriebsmittel_id, FHC_INTEGER).', '.
+					"betriebsmittelstatus_kurzbz =".$this->db_add_param($this->betriebsmittelstatus_kurzbz).', '.
+					"anmerkung =".$this->db_add_param($this->anmerkung).', '.					
+					"datum =".($this->datum?$this->db_add_param($this->datum):'now()').', '.
+					"updateamum =".($this->updateamum?$this->db_add_param($this->updateamum):'now()').', '.
+					"updatevon =".$this->db_add_param((empty($this->updatevon)?$this->updatevon:$this->insertvon)).' '.
+					" WHERE betriebsmittelbetriebsmittelstatus_id=".$this->db_add_param($this->betriebsmittelbetriebsmittelstatus_id, FHC_INTEGER, false);
 		}
 
 		
@@ -291,14 +291,14 @@ class betriebsmittel_betriebsmittelstatus extends basis_db
 					else 
 					{
 						$this->db_query('ROLLBACK;');
-						$this->errormsg = 'Fehler beim Lesen der Sequence '.($this->debug?$this->db_last_error()."<br />$qry<br />":'');
+						$this->errormsg = 'Fehler beim Lesen der Sequence';
 						return false;
 					}
 				}
 				else 
 				{
 					$this->db_query('ROLLBACK;');
-					$this->errormsg = 'Fehler beim Lesen der Sequence '.($this->debug?$this->db_last_error()."<br />$qry<br />":'');
+					$this->errormsg = 'Fehler beim Lesen der Sequence';
 					return false;
 				}
 			}
@@ -306,7 +306,7 @@ class betriebsmittel_betriebsmittelstatus extends basis_db
 		}
 		else 
 		{
-			$this->errormsg = 'Fehler beim Speichern des Betriebsmittel Betriebsmittelstatus-Datensatzes '.($this->debug?$this->db_last_error()."<br />$qry<br />":'');
+			$this->errormsg = 'Fehler beim Speichern des Betriebsmittel Betriebsmittelstatus-Datensatzes';
 			return false;
 		}
 	}
@@ -328,14 +328,14 @@ class betriebsmittel_betriebsmittelstatus extends basis_db
 		}
 
 		$qry='DELETE from wawi.tbl_betriebsmittel_betriebsmittelstatus '.
-			' WHERE betriebsmittelbetriebsmittelstatus_id='.$this->addslashes($this->betriebsmittelbetriebsmittelstatus_id);
+			' WHERE betriebsmittelbetriebsmittelstatus_id='.$this->db_add_param($this->betriebsmittelbetriebsmittelstatus_id, FHC_INTEGER);
 		if($this->db_query($qry))
 		{
 			return true;
 		}
 		else
 		{			
-			$this->errormsg = 'Fehler beim Entfernen des Betriebsmittel Betriebsmittelstatus-Datensatzes '.($this->debug?$this->db_last_error()."<br />$qry<br />":'');
+			$this->errormsg = 'Fehler beim Entfernen des Betriebsmittel Betriebsmittelstatus-Datensatzes';
 			return false;
 		}	
 	}	
@@ -358,16 +358,16 @@ class betriebsmittel_betriebsmittelstatus extends basis_db
 		}
 
 		$qry='DELETE from wawi.tbl_betriebsmittel_betriebsmittelstatus '.
-			' WHERE betriebsmittel_id='.$this->addslashes($betriebsmittel_id);
+			' WHERE betriebsmittel_id='.$this->db_add_param($betriebsmittel_id, FHC_INTEGER);
 		if($this->db_query($qry))
 		{
 			return true;
 		}
 		else
 		{			
-			$this->errormsg = 'Fehler beim Entfernen des Betriebsmittel Betriebsmittelstatus-Datensatzes '.($this->debug?$this->db_last_error()."<br />$qry<br />":'');
+			$this->errormsg = 'Fehler beim Entfernen des Betriebsmittel Betriebsmittelstatus-Datensatzes';
 			return false;
 		}	
 	}	
 }
-?>
\ No newline at end of file
+?>
diff --git a/include/betriebsmittelstatus.class.php b/include/betriebsmittelstatus.class.php
index 51f32ca9a..fbce86c6e 100644
--- a/include/betriebsmittelstatus.class.php
+++ b/include/betriebsmittelstatus.class.php
@@ -28,15 +28,12 @@ require_once(dirname(__FILE__).'/basis_db.class.php');
 
 class betriebsmittelstatus extends basis_db
 {
-	private $schema_inventar='wawi';
-	public $debug=false;   	// boolean
-	
 	public $new;
 	public $result = array();
 	
 	//Tabellenspalten
 	public $betriebsmittelstatus_kurzbz;	//string
-	public $beschreibung;   	//string
+	public $beschreibung;					//string
 	
 	/**
 	 * Konstruktor
@@ -59,18 +56,9 @@ class betriebsmittelstatus extends basis_db
 	{	
 		$this->result=array();
 		$this->errormsg = '';			
-		$qry='';
-		$where='';
 
-		$qry.=' select * FROM '.$this->schema_inventar.'.tbl_betriebsmittelstatus';
-		// Bedingungen hinzufuegen
-
-		$where.=" where trim(UPPER(betriebsmittelstatus_kurzbz))=".$this->addslashes(mb_strtoupper(trim($betriebsmittelstatus_kurzbz))) ;
-
-		$qry.=$where;
-
-		// Sortierung
-		$qry.=' order by betriebsmittelstatus_kurzbz ';
+		$qry=" SELECT * FROM wawi.tbl_betriebsmittelstatus
+				WHERE trim(UPPER(betriebsmittelstatus_kurzbz))=".$this->db_add_param(mb_strtoupper(trim($betriebsmittelstatus_kurzbz)));
 
 		if($this->db_query($qry))
 		{
@@ -85,7 +73,7 @@ class betriebsmittelstatus extends basis_db
 		}
 		else 
 		{
-			$this->errormsg = 'Fehler beim Laden der Daten '.($this->debug?$this->db_last_error()."<br />$qry<br />":'');
+			$this->errormsg = 'Fehler beim Laden der Daten';
 			return false;
 		}
 	}
@@ -97,17 +85,8 @@ class betriebsmittelstatus extends basis_db
 	{
 		$this->result=array();
 		$this->errormsg = '';			
-		$qry='';
-		$where='';
 
-		$qry.=' select * FROM '.$this->schema_inventar.'.tbl_betriebsmittelstatus';
-		$qry.="	where betriebsmittelstatus_kurzbz >'' ";
-
-		// Bedingungen hinzufuegen
-		$qry.=$where;
-
-		// Sortierung
-		$qry.=' order by betriebsmittelstatus_kurzbz ';
+		$qry='SELECT * FROM wawi.tbl_betriebsmittelstatus ORDER BY betriebsmittelstatus_kurzbz ';
 		
 		if($this->db_query($qry))
 		{
@@ -122,7 +101,7 @@ class betriebsmittelstatus extends basis_db
 		}
 		else 
 		{
-			$this->errormsg = 'Fehler beim Laden der Daten '.($this->debug?$this->db_last_error()."<br />$qry<br />":'');
+			$this->errormsg = 'Fehler beim Laden der Daten';
 			return false;
 		}
 	}
@@ -133,30 +112,20 @@ class betriebsmittelstatus extends basis_db
 	 */
 	public function save()
 	{		
-/*
-betriebsmittelbetriebsmittelstatus_id integer NOT NULL DEFAULT nextval('wawi.tbl_betriebsmittel_betriebsmi_betriebsmittelbetriebsmittels_seq'::regclass),
-  betriebsmittel_id integer NOT NULL,
-  betriebsmittelstatus_kurzbz character varying(16) NOT NULL,
-  datum bigint,
-  updateamum timestamp without time zone,
-  updatevon character varying(32),
-  insertamum timestamp without time zone,
-  insertvon character varying(32),
-*/	
 		$this->errormsg = '';	
 		$qry='';
 		if($this->new)
 		{
-			$qry='INSERT INTO '.$this->schema_inventar.'.tbl_betriebsmittelstatus 
+			$qry='INSERT INTO wawi.tbl_betriebsmittelstatus 
 			(betriebsmittelstatus_kurzbz, beschreibung ) 
-						VALUES('.$this->addslashes($this->betriebsmittelstatus_kurzbz)
-						.','.$this->addslashes($this->beschreibung).'); ';
+						VALUES('.$this->db_add_param($this->betriebsmittelstatus_kurzbz)
+						.','.$this->db_add_param($this->beschreibung).'); ';
 		}
 		else 
 		{
-			$qry='UPDATE '.$this->schema_inventar.'.tbl_betriebsmittelstatus SET '.
-					"beschreibung =".$this->addslashes($this->beschreibung) .
-					" WHERE betriebsmittelstatus_kurzbz=".$this->addslashes($this->betriebsmittelstatus_kurzbz);
+			$qry='UPDATE wawi.tbl_betriebsmittelstatus SET '.
+					"beschreibung =".$this->db_add_param($this->beschreibung) .
+					" WHERE betriebsmittelstatus_kurzbz=".$this->db_add_param($this->betriebsmittelstatus_kurzbz);
 		}
 			
 		if($this->db_query($qry))
@@ -165,7 +134,7 @@ betriebsmittelbetriebsmittelstatus_id integer NOT NULL DEFAULT nextval('wawi.tbl
 		}
 		else
 		{			
-			$this->errormsg = 'Fehler beim speichern des Betriebsmittelstatus-Datensatzes '.($this->debug?$this->db_last_error()."<br />$qry<br />":'');
+			$this->errormsg = 'Fehler beim speichern des Betriebsmittelstatus-Datensatzes';
 			return false;
 		}	
 	}
@@ -177,8 +146,8 @@ betriebsmittelbetriebsmittelstatus_id integer NOT NULL DEFAULT nextval('wawi.tbl
 	public function delete()
 	{		
 		$this->errormsg = '';	
-		$qry='DELETE '.$this->schema_inventar.'.tbl_betriebsmittelstatus '.
-			" WHERE betriebsmittelstatus_kurzbz=".$this->addslashes($this->betriebsmittelstatus_kurzbz);
+		$qry='DELETE FROM wawi.tbl_betriebsmittelstatus '.
+			" WHERE betriebsmittelstatus_kurzbz=".$this->db_add_param($this->betriebsmittelstatus_kurzbz);
 		
 		if($this->db_query($qry))
 		{
@@ -186,9 +155,9 @@ betriebsmittelbetriebsmittelstatus_id integer NOT NULL DEFAULT nextval('wawi.tbl
 		}
 		else
 		{			
-			$this->errormsg = 'Fehler beim entfernen des Betriebsmittelstatus-Datensatzes '.($this->debug?$this->db_last_error()."<br />$qry<br />":'');
+			$this->errormsg = 'Fehler beim entfernen des Betriebsmittelstatus-Datensatzes';
 			return false;
 		}	
 	}	
 }
-?>
\ No newline at end of file
+?>
diff --git a/include/betriebsmitteltyp.class.php b/include/betriebsmitteltyp.class.php
index 56881e251..a4fddf0cb 100644
--- a/include/betriebsmitteltyp.class.php
+++ b/include/betriebsmitteltyp.class.php
@@ -60,10 +60,10 @@ class betriebsmitteltyp extends basis_db
 	{		
 		$this->result=array();
 		$this->errormsg = '';
-		$search = mb_strtoupper(trim(addslashes(str_replace(array('*',';',' ',"'",'"'),'%',trim($betriebsmitteltyp)))));
+		$search = mb_strtoupper(trim(str_replace(array('*',';',' ',"'",'"'),'%',trim($betriebsmitteltyp))));
 		$qry=" 
 			SELECT * FROM wawi.tbl_betriebsmitteltyp 
-			WHERE trim(UPPER(betriebsmitteltyp)) like '%".$search."%'
+			WHERE trim(UPPER(betriebsmitteltyp)) like '%".$this->db_escape($search)."%'
 			ORDER BY betriebsmitteltyp";
 		
 		if($this->db_query($qry))
@@ -82,7 +82,7 @@ class betriebsmitteltyp extends basis_db
 		}
 		else 
 		{
-			$this->errormsg = 'Fehler beim Laden der Daten '.($this->debug?$this->db_last_error():'');
+			$this->errormsg = 'Fehler beim Laden der Daten';
 			return false;
 		}
 	}
@@ -95,7 +95,9 @@ class betriebsmitteltyp extends basis_db
 	{
 		$this->result=array();
 		$this->errormsg = '';
-		$qry = "SELECT * FROM wawi.tbl_betriebsmitteltyp ORDER BY ".$order;
+		$qry = "SELECT * FROM wawi.tbl_betriebsmitteltyp";
+		if($order!='')
+			$qry.=" ORDER BY ".$order;
 		
 		if($this->db_query($qry))
 		{
@@ -115,7 +117,7 @@ class betriebsmitteltyp extends basis_db
 		}
 		else 
 		{
-			$this->errormsg = 'Fehler beim Laden der Daten '.($this->debug?$this->db_last_error():'');
+			$this->errormsg = 'Fehler beim Laden der Daten';
 			return false;
 		}
 	}
@@ -134,20 +136,20 @@ class betriebsmitteltyp extends basis_db
 		if($new)
 		{
 			$qry="INSERT INTO wawi.tbl_betriebsmitteltyp (betriebsmitteltyp, beschreibung, anzahl, kaution , typ_code)
-					VALUES(".$this->addslashes($this->betriebsmitteltyp).",".
-						$this->addslashes($this->beschreibung).",".
-						$this->addslashes($this->anzahl).",".
-						$this->addslashes($this->kaution).",".
-						$this->addslashes($this->typ_code).");";
+					VALUES(".$this->db_add_param($this->betriebsmitteltyp).",".
+						$this->db_add_param($this->beschreibung).",".
+						$this->db_add_param($this->anzahl).",".
+						$this->db_add_param($this->kaution).",".
+						$this->db_add_param($this->typ_code).");";
 		}
 		else 
 		{
 			$qry='UPDATE wawi.tbl_betriebsmitteltyp SET '.
-				'beschreibung ='.$this->addslashes($this->beschreibung).', '.
-				'anzahl ='.$this->addslashes($this->anzahl).', '.
-				'kaution ='.$this->addslashes($this->kaution).', '.
-				'typ_code ='.$this->addslashes($this->typ_code).' '.
-				'WHERE betriebsmitteltyp='.$this->addslashes($this->betriebsmitteltyp).'; ' ;	
+				'beschreibung ='.$this->db_add_param($this->beschreibung).', '.
+				'anzahl ='.$this->db_add_param($this->anzahl).', '.
+				'kaution ='.$this->db_add_param($this->kaution).', '.
+				'typ_code ='.$this->db_add_param($this->typ_code).' '.
+				'WHERE betriebsmitteltyp='.$this->db_add_param($this->betriebsmitteltyp).'; ' ;	
 		}
 		
 		if($this->db_query($qry))
@@ -156,7 +158,7 @@ class betriebsmitteltyp extends basis_db
 		}
 		else
 		{			
-			$this->errormsg = 'Fehler beim Speichern des Betriebsmitteltypen-Datensatzes '.($this->debug?$this->db_last_error():'');
+			$this->errormsg = 'Fehler beim Speichern des Betriebsmitteltypen-Datensatzes';
 			return false;
 		}	
 	}
@@ -177,9 +179,9 @@ class betriebsmitteltyp extends basis_db
 		}
 		else
 		{			
-			$this->errormsg = 'Fehler beim Pruefen der Beschreibung des Betriebsmitteltypen-Datensatzes '.($this->debug?$this->db_last_error():'');
+			$this->errormsg = 'Fehler beim Pruefen der Beschreibung des Betriebsmitteltypen-Datensatzes';
 			return false;
 		}	
 	}
 }
-?>
\ No newline at end of file
+?>
diff --git a/include/bisverwendung.class.php b/include/bisverwendung.class.php
index 631477ed8..5a294a016 100644
--- a/include/bisverwendung.class.php
+++ b/include/bisverwendung.class.php
@@ -103,18 +103,6 @@ class bisverwendung extends basis_db
 				$this->mitarbeiter_uid = $row->mitarbeiter_uid;
 				$this->hauptberufcode = $row->hauptberufcode;
                 $this->hauptberuflich = $this->db_parse_bool($row->hauptberuflich);
-                /**
-                
-				if($row->hauptberuflich=='t')
-					$this->hauptberuflich = true;
-				elseif($row->hauptberuflich=='f')
-					$this->hauptberuflich = false;
-				else 
-					$this->hauptberuflich = '';
-
-				$this->habilitation = ($row->habilitation=='t'?true:false);
-                  
-                 */
                 $this->habilitation = $this->db_parse_bool($row->habilitation); 
 				$this->beginn = $row->beginn;
 				$this->ende = $row->ende;
@@ -334,17 +322,7 @@ class bisverwendung extends basis_db
 				$obj->verwendung_code = $row->verwendung_code;
 				$obj->mitarbeiter_uid = $row->mitarbeiter_uid;
 				$obj->hauptberufcode = $row->hauptberufcode;
-                $obj->hauptberuflich = $this->db_parse_bool($row->hauptberuflich);
-                
-                /**
-				if($row->hauptberuflich=='t')
-					$obj->hauptberuflich = true;
-				elseif($row->hauptberuflich=='f')
-					$obj->hauptberuflich = false;
-				else 
-					$obj->hauptberuflich = '';
-				$obj->habilitation = ($row->habilitation=='t'?true:false);
-                 **/ 
+                $obj->hauptberuflich = $this->db_parse_bool($row->hauptberuflich);                
                 $obj->habilitation = $this->db_parse_bool($row->habilitation);
 				$obj->beginn = $row->beginn;
 				$obj->ende = $row->ende;
diff --git a/include/content.class.php b/include/content.class.php
index 4140c36e8..126e512b3 100644
--- a/include/content.class.php
+++ b/include/content.class.php
@@ -766,8 +766,8 @@ class content extends basis_db
 				$obj->updateamum = $row->updateamum;
 				$obj->insertamum = $row->insertamum;
 				$obj->insertvon = $row->insertvon;
-				$obj->aktiv = ($row->aktiv=='t'?true:false);
-				$obj->menu_open = ($row->menu_open=='t'?true:false);
+				$obj->aktiv = $this->db_parse_bool($row->aktiv);
+				$obj->menu_open = $this->db_parse_bool($row->menu_open);
 				$obj->beschreibung = $row->beschreibung;
 				
 				$this->result[] = $obj;
@@ -809,8 +809,8 @@ class content extends basis_db
 				$obj->updateamum = $row->updateamum;
 				$obj->insertamum = $row->insertamum;
 				$obj->insertvon = $row->insertvon;
-				$obj->aktiv = ($row->aktiv=='t'?true:false);
-				$obj->menu_open = ($row->menu_open=='t'?true:false);
+				$obj->aktiv = $this->db_parse_bool($row->aktiv);
+				$obj->menu_open = $this->db_parse_bool($row->menu_open);
 				$obj->beschreibung = $row->beschreibung;
 				
 				$this->result[] = $obj;
diff --git a/include/dms.class.php b/include/dms.class.php
index 84fca4baa..0e1e07d92 100644
--- a/include/dms.class.php
+++ b/include/dms.class.php
@@ -633,11 +633,11 @@ class dms extends basis_db
 	public function search($suchstring)
 	{
 		$qry = "SELECT * FROM campus.tbl_dms  JOIN campus.tbl_dms_version USING(dms_id)
-				WHERE lower(name) like lower('%".addslashes($suchstring)."%')
-				OR lower(beschreibung) like lower('%".addslashes($suchstring)."%')
+				WHERE lower(name) like lower('%".$this->db_escape($suchstring)."%')
+				OR lower(beschreibung) like lower('%".$this->db_escape($suchstring)."%')
 				";
 		if (is_numeric($suchstring))
-			$qry.= "OR dms_id = ".addslashes($suchstring)."";
+			$qry.= "OR dms_id = ".$this->db_escape($suchstring)."";
 
 			$qry.=";";
 		
diff --git a/include/dokument.class.php b/include/dokument.class.php
index 1fddd16bd..170b70068 100644
--- a/include/dokument.class.php
+++ b/include/dokument.class.php
@@ -483,7 +483,7 @@ class dokument extends basis_db
 	/**
 	 * Prueft ob die Zuordnung Dokument zu Studiengang bereits vorhanden ist
 	 * @param $dokument_kurzbz
-	 * @parma $studiengang_kz
+	 * @param $studiengang_kz
 	 * @return true wenn vorhanden, false wenn nicht vorhanden
 	 */
 	public function existsDokumentStudiengang($dokument_kurzbz, $studiengang_kz)
@@ -610,7 +610,7 @@ class dokument extends basis_db
     
 	/**
 	 * Loescht einen Dokumenttyp
-	 * @parma $dokument_kurzbz
+	 * @param $dokument_kurzbz
 	 * @return true wenn ok, false im Fehlerfall
 	 */
 	function deleteDokumenttyp($dokument_kurzbz)
diff --git a/include/fachbereich.class.php b/include/fachbereich.class.php
index 8b6531824..23aedb187 100644
--- a/include/fachbereich.class.php
+++ b/include/fachbereich.class.php
@@ -67,8 +67,6 @@ class fachbereich extends basis_db
 			return false;
 		}
 
-		// Don't turn to garbage when getAll is called twice.
-		// TODO: Should most likely also be done in 'loadArray' [and every other file], but I don't know what it's used for.
 		$this->result = array();
 		
 		while($row = $this->db_fetch_object())
@@ -101,8 +99,7 @@ class fachbereich extends basis_db
 		if(count($kurzbzs)==0)
 			return true;
 		
-		$kurzbzs = "'".implode("','",$kurzbzs)."'";
-		$qry = 'SELECT * FROM public.tbl_fachbereich WHERE fachbereich_kurzbz in('.$kurzbzs.')';
+		$qry = 'SELECT * FROM public.tbl_fachbereich WHERE fachbereich_kurzbz in('.$this->implode4SQL($kurzbzs).')';
 		if ($aktiv)
 			$qry.=' AND aktiv=true';
 
@@ -286,4 +283,4 @@ class fachbereich extends basis_db
 		}
 	}
 }
-?>
\ No newline at end of file
+?>
diff --git a/include/firma.class.php b/include/firma.class.php
index 263ea1ee9..4a4f13b24 100644
--- a/include/firma.class.php
+++ b/include/firma.class.php
@@ -363,7 +363,7 @@ class firma extends basis_db
 		
 		if (!empty($firma_search))
 		{
-			$matchcode=mb_strtoupper(addslashes(str_replace(array('<','>',' ',';','*','_','-',',',"'",'"'),"%",$firma_search)));
+			$matchcode=mb_strtoupper(str_replace(array('<','>',' ',';','*','_','-',',',"'",'"'),"%",$firma_search));
 			//Zuerst werden die Ergebnisse geliefert, die mit $filter_search beginnen
 			//danach jene Ergebnisse bei denen $filter_search innerhalb des Namens vorkommt
 			$qry = "
@@ -373,15 +373,15 @@ class firma extends basis_db
 					ext_id, schule, steuernummer, gesperrt, aktiv, finanzamt, '1' as sort 
 				FROM public.tbl_firma 
 				WHERE 
-				UPPER(trim(public.tbl_firma.name)) like '".$matchcode."%'
+				UPPER(trim(public.tbl_firma.name)) like '".$this->db_escape($matchcode)."%'
 				UNION 
 				SELECT 
 					firma_id, name, anmerkung, firmentyp_kurzbz, updateamum, updatevon, insertamum, insertvon,
 					ext_id, schule, steuernummer, gesperrt, aktiv, finanzamt, '2' as sort 
 				FROM public.tbl_firma 
 				WHERE 
-				UPPER(trim(public.tbl_firma.name)) like '%".$matchcode."%'
-				AND UPPER(trim(public.tbl_firma.name)) NOT like '".$matchcode."%'
+				UPPER(trim(public.tbl_firma.name)) like '%".$this->db_escape($matchcode)."%'
+				AND UPPER(trim(public.tbl_firma.name)) NOT like '".$this->db_escape($matchcode)."%'
 				ORDER BY sort, name, firma_id;";
 		}
 		else
@@ -513,19 +513,19 @@ class firma extends basis_db
 		$qry.=" WHERE 1=1";
 
 		if($filter!='')
-			$qry.= " and ( lower(tbl_firma.name) like lower('%$filter%') 
-					OR lower(kurzbz) like lower('%$filter%') 			
+			$qry.= " and ( lower(tbl_firma.name) like lower('%".$this->db_escape($filter)."%') 
+					OR lower(kurzbz) like lower('%".$this->db_escape($filter)."%') 			
 					
-					OR lower(tbl_adresse.name) like lower('%$filter%') 
-					OR lower(plz) like lower('%$filter%') 
-					OR lower(ort) like lower('%$filter%') 
-					OR lower(strasse) like lower('%$filter%') 
+					OR lower(tbl_adresse.name) like lower('%".$this->db_escape($filter)."%') 
+					OR lower(plz) like lower('%".$this->db_escape($filter)."%') 
+					OR lower(ort) like lower('%".$this->db_escape($filter)."%') 
+					OR lower(strasse) like lower('%".$this->db_escape($filter)."%') 
 					
-					OR lower(bezeichnung) like lower('%$filter%') 
-					OR lower(anmerkung) like lower('%$filter%')
-					".(is_numeric($filter)?" OR tbl_firma.firma_id='$filter'":'')."
+					OR lower(bezeichnung) like lower('%".$this->db_escape($filter)."%') 
+					OR lower(anmerkung) like lower('%".$this->db_escape($filter)."%')
+					".(is_numeric($filter)?" OR tbl_firma.firma_id='".$this->db_escape($filter)."'":'')."
 					OR tbl_firma.firma_id IN (SELECT firma_id FROM public.tbl_firmatag 
-											  WHERE firma_id=tbl_firma.firma_id AND lower(tag) like lower('%$filter%'))
+											  WHERE firma_id=tbl_firma.firma_id AND lower(tag) like lower('%".$this->db_escape($filter)."%'))
 					 ) ";
 		
 		if($firmentyp_kurzbz!='')
diff --git a/include/functions.inc.php b/include/functions.inc.php
index 2fa143234..310c6140b 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -104,7 +104,7 @@ function check_lektor($uid)
 	$db = new basis_db();
 	
 	// uid von View 'Lektor' holen
-	$sql_query="SELECT mitarbeiter_uid FROM public.tbl_mitarbeiter WHERE mitarbeiter_uid='".addslashes($uid)."'";
+	$sql_query="SELECT mitarbeiter_uid FROM public.tbl_mitarbeiter WHERE mitarbeiter_uid=".$db->db_add_param($uid);
 	//echo $sql_query;
 	if($db->db_query($sql_query))
 	{
@@ -128,9 +128,9 @@ function check_lektor_lehrveranstaltung($uid, $lehrveranstaltung_id, $studiensem
 	
 	// uid von View 'Lektor' holen
 	$sql_query="SELECT mitarbeiter_uid FROM campus.vw_lehreinheit
-				WHERE mitarbeiter_uid='".addslashes($uid)."' AND 
-				lehrveranstaltung_id = '".addslashes($lehrveranstaltung_id)."' AND 
-				studiensemester_kurzbz='".addslashes($studiensemester_kurzbz)."'";
+				WHERE mitarbeiter_uid=".$db->db_add_param($uid)." AND 
+				lehrveranstaltung_id=".$db->db_add_param($lehrveranstaltung_id, FHC_INTEGER)." AND 
+				studiensemester_kurzbz=".$db->db_add_param($studiensemester_kurzbz);
 	
 	//echo $sql_query;
 	if($db->db_query($sql_query))
@@ -154,7 +154,7 @@ function check_student($uid)
 	$db = new basis_db();
 	
 	// uid von Tabelle 'Student' holen
-	$sql_query="SELECT student_uid FROM public.tbl_student WHERE student_uid='".addslashes($uid)."'";
+	$sql_query="SELECT student_uid FROM public.tbl_student WHERE student_uid=".$this->db_add_param($uid);
 	//echo $sql_query;
 	if($db->db_query($sql_query))
 	{
diff --git a/include/konto.class.php b/include/konto.class.php
index 795249e29..df0ee68c9 100644
--- a/include/konto.class.php
+++ b/include/konto.class.php
@@ -87,7 +87,7 @@ class konto extends basis_db
 		}
 
 		$qry = "SELECT tbl_konto.*, anrede, titelpost, titelpre, nachname, vorname, vornamen, credit_points
-			FROM public.tbl_konto JOIN public.tbl_person USING (person_id) WHERE buchungsnr='$buchungsnr'";
+			FROM public.tbl_konto JOIN public.tbl_person USING (person_id) WHERE buchungsnr=".$this->db_add_param($buchungsnr, FHC_INTEGER);
 
 		if($this->db_query($qry))
 		{
@@ -348,17 +348,17 @@ class konto extends basis_db
 									(betrag + (SELECT CASE WHEN sum(betrag) is null THEN 0
 											            ELSE sum(betrag) END
 										         FROM public.tbl_konto WHERE buchungsnr_verweis=konto_a.buchungsnr))<>0
-									AND person_id='$person_id') OR
+									AND person_id=".$this->db_add_param($person_id, FHC_INTEGER).") OR
 					buchungsnr_verweis in (SELECT buchungsnr FROM public.tbl_konto as konto_a WHERE
 									(betrag + (SELECT CASE WHEN sum(betrag) is null THEN 0
 														ELSE sum(betrag) END
 												 FROM public.tbl_konto WHERE buchungsnr_verweis=konto_a.buchungsnr))<>0
-									AND person_id='$person_id')) $stgwhere ORDER BY buchungsdatum";
+									AND person_id=".$this->db_add_param($person_id, FHC_INTEGER).")) $stgwhere ORDER BY buchungsdatum";
 		}
 		else
 			$qry = "SELECT tbl_konto.*, anrede, titelpost, titelpre, nachname, vorname, vornamen
 					FROM public.tbl_konto JOIN public.tbl_person USING (person_id)
-					WHERE person_id='".$person_id."' $stgwhere ORDER BY buchungsdatum";
+					WHERE person_id=".$this->db_add_param($person_id, FHC_INTEGER)." $stgwhere ORDER BY buchungsdatum";
 		
 		if($this->db_query($qry))
 		{
@@ -415,7 +415,7 @@ class konto extends basis_db
 		$qry = "SELECT * FROM public.tbl_buchungstyp";
 		
 		if(!is_null($aktiv))
-			$qry.=" WHERE aktiv=".($aktiv?'true':'false');
+			$qry.=" WHERE aktiv=".$this->db_add_param($aktiv, FHC_BOOLEAN);
 		$qry.=" ORDER BY beschreibung";
 
 		if($this->db_query($qry))
@@ -429,7 +429,7 @@ class konto extends basis_db
 				$typ->standardbetrag = $row->standardbetrag;
 				$typ->standardtext = $row->standardtext;
 				$typ->credit_points = $row->credit_points;
-				$typ->aktiv = ($row->aktiv=='t'?true:false);
+				$typ->aktiv = $this->db_parse_bool($row->aktiv);
 
 				$this->result[] = $typ;
 			}
@@ -506,7 +506,7 @@ class konto extends basis_db
 
 
 		$qry = "SELECT sum(betrag) as differenz FROM public.tbl_konto 
-				WHERE buchungsnr='".$buch_nr[0]."' OR buchungsnr_verweis='".$buch_nr[0]."'";
+				WHERE buchungsnr=".$this->db_add_param($buch_nr[0])." OR buchungsnr_verweis=".$this->db_add_param($buch_nr[0]);
 
 		if($this->db_query($qry))
 		{
diff --git a/include/lehreinheit.class.php b/include/lehreinheit.class.php
index 50dcfcf28..77b687a81 100644
--- a/include/lehreinheit.class.php
+++ b/include/lehreinheit.class.php
@@ -329,7 +329,6 @@ class lehreinheit extends basis_db
 		}
 		if($this->raumtypalternativ=='')
 		{
-			//TODO
 			$this->raumtypalternativ='Dummy';
 		}
 		if(!is_bool($this->lehre))
@@ -491,16 +490,16 @@ class lehreinheit extends basis_db
 		//Lektoren SQL
 		$sql_lkt='';
 		foreach ($this->mitarbeiter_uid as $lkt)
-			$sql_lkt.="OR mitarbeiter_uid='".addslashes($lkt)."' ";
+			$sql_lkt.="OR mitarbeiter_uid=".$this->db_add_param($lkt).' ';
 		$sql_lkt=mb_substr($sql_lkt,3);
 		$sql_lkt="(($sql_lkt) AND mitarbeiter_uid!='_DummyLektor')";
 
 		// Datenbank abfragen
 		$sql_query="SELECT $stpl_id FROM $stpl_table
-					WHERE datum='".addslashes($datum)."' AND stunde='".addslashes($stunde)."'
-					AND (ort_kurzbz='".addslashes($ort)."' OR $sql_lkt)";
+					WHERE datum=".$this->db_add_param($datum)." AND stunde=".$this->db_add_param($stunde)."
+					AND (ort_kurzbz=".$this->db_add_param($ort)." OR $sql_lkt)";
 		if (is_numeric($this->unr))
-			$sql_query.=" AND unr!='".addslashes($this->unr)."'";
+			$sql_query.=" AND unr!=".$this->db_add_param($this->unr);
 				
 		if (!$this->db_query($sql_query))
 		{
@@ -515,22 +514,22 @@ class lehreinheit extends basis_db
 		{
 			//Gruppen / Verbaende pruefen
 			$sql_query="SELECT $stpl_id, studiengang_kz, semester, verband, gruppe_kurzbz, stunde, gruppe FROM $stpl_table
-					WHERE datum='".addslashes($datum)."' AND stunde='".addslashes($stunde)."'";
+					WHERE datum=".$this->db_add_param($datum)." AND stunde=".$this->db_add_param($stunde);
 			if (is_numeric($this->unr))
-				$sql_query.=" AND unr!='".addslashes($this->unr)."' AND (1=2 ";
+				$sql_query.=" AND unr!=".$this->db_add_param($this->unr)." AND (1=2 ";
 				
 			for($anz=0;$anz<count($this->studiengang_kz);$anz++)
 			{	
-				$sql_query.=" OR ((studiengang_kz=".$this->studiengang_kz[$anz]." AND semester=".$this->semester[$anz].")";
+				$sql_query.=" OR ((studiengang_kz=".$this->db_add_param($this->studiengang_kz[$anz])." AND semester=".$this->db_add_param($this->semester[$anz]).")";
 			
 				if ($this->gruppe_kurzbz[$anz]!=null && $this->gruppe_kurzbz[$anz]!='' && $this->gruppe_kurzbz[$anz]!=' ')
-					$sql_query.=" OR (gruppe_kurzbz='".$this->gruppe_kurzbz[$anz]."')";
+					$sql_query.=" OR (gruppe_kurzbz=".$this->db_add_param($this->gruppe_kurzbz[$anz]).")";
 				else
 				{
 					if ($this->verband[$anz]!=null && $this->verband[$anz]!='' && $this->verband[$anz]!=' ')
-						$sql_query.=" AND (verband='".$this->verband[$anz]."' OR verband IS NULL OR verband='' OR verband=' ')";
+						$sql_query.=" AND (verband=".$this->db_add_param($this->verband[$anz])." OR verband IS NULL OR verband='' OR verband=' ')";
 					if ($this->gruppe[$anz]!=null && $this->gruppe[$anz]!='' && $this->gruppe[$anz]!=' ')
-						$sql_query.=" AND (gruppe='".$this->gruppe[$anz]."' OR gruppe IS NULL OR gruppe='' OR gruppe=' ')";
+						$sql_query.=" AND (gruppe=".$this->db_add_param($this->gruppe[$anz])." OR gruppe IS NULL OR gruppe='' OR gruppe=' ')";
 				}
 				$sql_query.=')';
 			}	
@@ -558,8 +557,8 @@ class lehreinheit extends basis_db
 					$sql_lkt="(($sql_lkt) AND uid!='_DummyLektor')";
 					$sql_query="SELECT reservierung_id AS id, uid AS lektor, stg_kurzbz, ort_kurzbz, semester, verband, gruppe, gruppe_kurzbz, datum, stunde 
 								FROM lehre.vw_reservierung
-								WHERE datum='".addslashes($datum)."' AND stunde='".addslashes($stunde)."' 
-								AND (ort_kurzbz='".addslashes($ort)."' OR $sql_lkt)";
+								WHERE datum=".$this->db_add_param($datum)." AND stunde=".$this->db_add_param($stunde)."
+								AND (ort_kurzbz=".$this->db_add_param($ort)." OR $sql_lkt)";
 					
 					if (!$this->db_query($sql_query))
 					{
@@ -578,14 +577,14 @@ class lehreinheit extends basis_db
 							//Lektoren SQL
 							$sql_lkt='';
 							foreach ($this->mitarbeiter_uid as $lkt)
-								$sql_lkt.="OR mitarbeiter_uid='$lkt' ";
+								$sql_lkt.="OR mitarbeiter_uid=".$this->db_add_param($lkt)." ";
 							$sql_lkt=mb_substr($sql_lkt,3);
 							$sql_query="SELECT * FROM campus.tbl_zeitsperre
 											WHERE ($sql_lkt) AND 
-												(  (vondatum<'$datum' AND bisdatum>'$datum') 
-												OR (vondatum='$datum' AND bisdatum='$datum' AND vonstunde<=$stunde AND bisstunde>=$stunde)
-												OR (vondatum='$datum' AND bisdatum>'$datum' AND vonstunde<=$stunde)
-												OR (vondatum<'$datum' AND bisdatum='$datum' AND bisstunde>=$stunde) )";	
+												(  (vondatum<".$this->db_add_param($datum)." AND bisdatum>".$this->db_add_param($datum).") 
+												OR (vondatum=".$this->db_add_param($datum)." AND bisdatum=".$this->db_add_param($datum)." AND vonstunde<=".$this->db_add_param($stunde)." AND bisstunde>=".$this->db_add_param($stunde).")
+												OR (vondatum=".$this->db_add_param($datum)." AND bisdatum>".$this->db_add_param($datum)." AND vonstunde<=".$this->db_add_param($stunde).")
+												OR (vondatum<".$this->db_add_param($datum)." AND bisdatum=".$this->db_add_param($datum)." AND bisstunde>=".$this->db_add_param($stunde).") )";	
 							//echo $sql_query.'<br>';
 							if (!$this->db_query($sql_query))
 							{
@@ -661,17 +660,24 @@ class lehreinheit extends basis_db
 			$sql_query="INSERT INTO $stpl_table
 				(unr,mitarbeiter_uid,datum,	stunde,	ort_kurzbz,lehreinheit_id,studiengang_kz,semester,verband,
 				gruppe,	gruppe_kurzbz,	titel, updatevon)
-				VALUES ($this->unr,'".$this->mitarbeiter_uid[$i]."','$datum',$stunde,
-				'$ort',$this->lehreinheit_id, ".$this->studiengang_kz[$i].",".$this->semester[$i].",
-				'".$this->verband[$i]."','".$this->gruppe[$i]."'";
+				VALUES (".$this->db_add_param($this->unr).",".
+						$this->db_add_param($this->mitarbeiter_uid[$i]).",".
+						$this->db_add_param($datum).",".
+						$this->db_add_param($stunde).",".
+						$this->db_add_param($ort).",".
+						$this->db_add_param($this->lehreinheit_id, FHC_INTEGER).", ".
+						$this->db_add_param($this->studiengang_kz[$i]).",".
+						$this->db_add_param($this->semester[$i]).",".
+						$this->db_add_param(trim($this->verband[$i]), FHC_STRING, false).",".
+						$this->db_add_param(trim($this->gruppe[$i]), FHC_STRING, false);
 			if ($this->gruppe_kurzbz[$i]==null)
 				$sql_query.=',NULL';
 			else
-				$sql_query.=",'".$this->gruppe_kurzbz[$i]."'";
-			$sql_query.=",'".$this->titel[$i]."','$user')";
+				$sql_query.=",".$this->db_add_param($this->gruppe_kurzbz[$i]);
+			$sql_query.=",".$this->db_add_param($this->titel[$i]).",".$this->db_add_param($user).")";
 			if (!$this->db_query($sql_query))
 			{
-				$this->errormsg=$this->db_last_error();
+				$this->errormsg=$this->db_last_error().$sql_query;
 				return false;
 			}
 		}
diff --git a/include/lehreinheitgruppe.class.php b/include/lehreinheitgruppe.class.php
index ea1adf4cf..bf8ed01df 100644
--- a/include/lehreinheitgruppe.class.php
+++ b/include/lehreinheitgruppe.class.php
@@ -187,7 +187,7 @@ class lehreinheitgruppe extends basis_db
 		}
 		else
 		{
-			$this->errormsg = 'Fehler beim Speichern der GruppeLE:'.$qry;
+			$this->errormsg = 'Fehler beim Speichern der GruppeLE';
 			return false;
 		}
 	}
@@ -421,4 +421,4 @@ class lehreinheitgruppe extends basis_db
 		}
 	}
 }
-?>
\ No newline at end of file
+?>
diff --git a/include/lehrstunde.class.php b/include/lehrstunde.class.php
index 6d8bd5f99..5cf8e3a82 100644
--- a/include/lehrstunde.class.php
+++ b/include/lehrstunde.class.php
@@ -154,10 +154,10 @@ class lehrstunde extends basis_db
 		{
 			// update
 			$sql_query='UPDATE '.$stpl_table;
-			$sql_query.=" SET datum=".$this->addslashes($this->datum).", stunde=".$this->addslashes($this->stunde);
-			$sql_query.=", ort_kurzbz=".$this->addslashes($this->ort_kurzbz).", mitarbeiter_uid=".$this->addslashes($this->lektor_uid);
-			$sql_query.=", updateamum=now(), updatevon=".$this->addslashes($uid);
-			$sql_query.=" WHERE $stpl_id=$this->stundenplan_id;";
+			$sql_query.=" SET datum=".$this->db_add_param($this->datum).", stunde=".$this->db_add_param($this->stunde);
+			$sql_query.=", ort_kurzbz=".$this->db_add_param($this->ort_kurzbz).", mitarbeiter_uid=".$this->db_add_param($this->lektor_uid);
+			$sql_query.=", updateamum=now(), updatevon=".$this->db_add_param($uid);
+			$sql_query.=" WHERE $stpl_id=".$this->db_add_param($this->stundenplan_id);
 
 			$this->lastqry = $sql_query;
 			//Datenbankabfrage
@@ -183,10 +183,10 @@ class lehrstunde extends basis_db
 		$stpl_table='lehre.'.TABLE_BEGIN.$stpl_table;
 		
 		$sql_query='UPDATE '.$stpl_table;
-		$sql_query.=" SET datum='".addslashes($this->datum)."', stunde='".addslashes($this->stunde)."'";
-		$sql_query.=", ort_kurzbz='".addslashes($this->ort_kurzbz)."', mitarbeiter_uid='".addslashes($this->lektor_uid)."'";
-		$sql_query.=", updateamum='".addslashes($this->updateamum)."', updatevon='".addslashes($this->updatevon)."'";
-		$sql_query.=" WHERE $stpl_id='".addslashes($this->stundenplan_id)."';";
+		$sql_query.=" SET datum=".$this->db_add_param($this->datum).", stunde=".$this->db_add_param($this->stunde);
+		$sql_query.=", ort_kurzbz=".$this->db_add_param($this->ort_kurzbz).", mitarbeiter_uid=".$this->db_add_param($this->lektor_uid);
+		$sql_query.=", updateamum=".$this->db_add_param($this->updateamum).", updatevon=".$this->db_add_param($this->updatevon);
+		$sql_query.=" WHERE $stpl_id=".$this->db_add_param($this->stundenplan_id).";";
 		
 		return $sql_query;
 	}
@@ -205,7 +205,7 @@ class lehrstunde extends basis_db
 		$stpl_table='lehre.'.TABLE_BEGIN.$stpl_table;
 		// Delete SQL vorbereiten
 		$sql_query='DELETE FROM '.$stpl_table;
-		$sql_query.=" WHERE $stpl_id=$id";
+		$sql_query.=" WHERE $stpl_id=".$this->db_add_param($id);
 		
 		//Datenbankrequest
 		if (!$this->db_query($sql_query))
@@ -293,7 +293,7 @@ class lehrstunde extends basis_db
 		if ($type=='student')
 		{
 			// Lehrverband ermitteln
-			$sql_query="SELECT studiengang_kz, semester, verband, gruppe FROM public.tbl_student WHERE student_uid='".addslashes($uid)."'";
+			$sql_query="SELECT studiengang_kz, semester, verband, gruppe FROM public.tbl_student WHERE student_uid=".$this->db_add_param($uid);
 			
 			if (!$this->db_query($sql_query) )
 			{
@@ -319,7 +319,7 @@ class lehrstunde extends basis_db
 				$studiensemester_obj = new studiensemester();
 				$this->ss=$studiensemester_obj->getNearest();
 			}
-			$sql_query="SELECT gruppe_kurzbz FROM public.tbl_benutzergruppe WHERE uid='".addslashes($uid)."' AND (studiensemester_kurzbz='".addslashes($this->ss)."' OR studiensemester_kurzbz IS NULL)";
+			$sql_query="SELECT gruppe_kurzbz FROM public.tbl_benutzergruppe WHERE uid=".$this->db_add_param($uid)." AND (studiensemester_kurzbz=".$this->db_add_param($this->ss)." OR studiensemester_kurzbz IS NULL)";
 
 			if (!$result_einheit=$this->db_query($sql_query))
 			{
@@ -335,29 +335,29 @@ class lehrstunde extends basis_db
 		$sql_query_stdplan='SELECT * FROM '.$stpl_view;
 		if ($type!='idList')
 		{
-			$sql_query=" WHERE datum>='$datum_von' AND datum<'$datum_bis'";
+			$sql_query=" WHERE datum>=".$this->db_add_param($datum_von)." AND datum<".$this->db_add_param($datum_bis);
 			if ($type=='lektor')
-				$sql_query.=" AND uid='".addslashes($uid)."'";
+				$sql_query.=" AND uid=".$this->db_add_param($uid);
 			elseif ($type=='ort')
-				$sql_query.=" AND ort_kurzbz='".addslashes($ort_kurzbz)."'";
+				$sql_query.=" AND ort_kurzbz=".$this->db_add_param($ort_kurzbz);
 			elseif ($type=='gruppe')
-				$sql_query.=" AND gruppe_kurzbz='".addslashes($gruppe_kurzbz)."'";
+				$sql_query.=" AND gruppe_kurzbz=".$this->db_add_param($gruppe_kurzbz);
 			elseif($type=='fachbereich')
 				$sql_query.=" AND fachbereich_kurzbz=".$this->db_add_param($fachbereich_kurzbz);
 			else
 			{
-				$sql_query.=" AND ( (studiengang_kz='".addslashes($studiengang_kz)."'";
+				$sql_query.=" AND ( (studiengang_kz=".$this->db_add_param($studiengang_kz, FHC_INTEGER);
 				if ($sem!=null && $sem>=0  && $sem!='')
 				{
-					$sql_query.=" AND (semester='".addslashes($sem)."' OR semester IS NULL";
+					$sql_query.=" AND (semester=".$this->db_add_param($sem)." OR semester IS NULL";
 					if ($type=='student' && $sem>0)
-						$sql_query.=" OR semester='".addslashes(($sem+1))."'";
+						$sql_query.=" OR semester=".$this->db_add_param(($sem+1));
 					$sql_query.=')';
 				}
 				if ($ver!='0' && $ver!=null && $ver!='')
-					$sql_query.=" AND (verband='".addslashes($ver)."' OR verband IS NULL OR verband='0' OR verband='')";
+					$sql_query.=" AND (verband=".$this->db_add_param($ver)." OR verband IS NULL OR verband='0' OR verband='')";
 				if ($grp!='0' && $grp!=null && $grp!='')
-					$sql_query.=" AND (gruppe='".addslashes($grp)."' OR gruppe IS NULL OR gruppe='0' OR gruppe='')";
+					$sql_query.=" AND (gruppe=".$this->db_add_param($grp)." OR gruppe IS NULL OR gruppe='0' OR gruppe='')";
 				if ($type=='student')
 					$sql_query.=' AND gruppe_kurzbz IS NULL';
 				$sql_query.=' )';
@@ -365,7 +365,7 @@ class lehrstunde extends basis_db
 				for ($i=0;$i<$num_rows_einheit;$i++)
 				{
 					$row=$this->db_fetch_object($result_einheit,$i);
-					$sql_query.=" OR gruppe_kurzbz='".addslashes($row->gruppe_kurzbz)."'";
+					$sql_query.=" OR gruppe_kurzbz=".$this->db_add_param($row->gruppe_kurzbz);
 				}
 				$sql_query.=')';
 			}
@@ -376,7 +376,7 @@ class lehrstunde extends basis_db
 		{
 			$sql_query='';
 			foreach ($idList as $id)
-				$sql_query.=" OR ".$stpl_id."='".addslashes($id)."'";
+				$sql_query.=" OR ".$stpl_id."=".$this->db_add_param($id);
 			$sql_query=mb_substr($sql_query,3);
 			$sql_query_stdplan.=' WHERE'.$sql_query;
 		}
@@ -490,9 +490,9 @@ class lehrstunde extends basis_db
 
 		// Stundenplandaten ermitteln
 		// Abfrage generieren
-		$sql="SELECT * FROM ".$stpl_table." WHERE lehreinheit_id='".addslashes($lehreinheit_id)."'";
+		$sql="SELECT * FROM ".$stpl_table." WHERE lehreinheit_id=".$this->db_add_param($lehreinheit_id, FHC_INTEGER);
 		if ($uid!=null && !is_null($uid))
-			$sql.=" AND mitarbeiter_uid='".addslashes($uid)."'";
+			$sql.=" AND mitarbeiter_uid=".$this->db_add_param($uid);
 		
 		//Datenbankabfrage
 		if (!$this->db_query($sql))
@@ -560,29 +560,29 @@ class lehrstunde extends basis_db
 	
 		// Datenbank abfragen
 		$sql_query="SELECT $stpl_id AS id, lektor, stg_kurzbz, ort_kurzbz, semester, verband, gruppe, gruppe_kurzbz, datum, stunde FROM $stpl_table
-				WHERE datum='".addslashes($this->datum)."' AND stunde='".addslashes($this->stunde)."' AND (ort_kurzbz='".addslashes($this->ort_kurzbz)."' ";
+				WHERE datum=".$this->db_add_param($this->datum)." AND stunde=".$this->db_add_param($this->stunde)." AND (ort_kurzbz=".$this->db_add_param($this->ort_kurzbz)." ";
 		if ($this->lektor_uid!='_DummyLektor')
-			$sql_query.=" OR (uid='".addslashes($this->lektor_uid)."' AND uid!='_DummyLektor') ";
+			$sql_query.=" OR (uid=".$this->db_add_param($this->lektor_uid)." AND uid!='_DummyLektor') ";
 		
 		//Wenn eine Kollisionspruefung auf Studentenebene durchgefuehrt wird, werden die LVB nicht gecheckt	
 		if($kollision_student=='false')
 		{
-			$sql_query.=" OR (studiengang_kz='".addslashes($this->studiengang_kz)."' AND semester='".addslashes($this->sem)."'";
+			$sql_query.=" OR (studiengang_kz=".$this->db_add_param($this->studiengang_kz)." AND semester=".$this->db_add_param($this->sem);
 			if($this->gruppe_kurzbz!=null && $this->gruppe_kurzbz!='' && $this->gruppe_kurzbz!=' ')
 			{
-				$sql_query.=" OR (gruppe_kurzbz='".addslashes($this->gruppe_kurzbz)."')";
+				$sql_query.=" OR (gruppe_kurzbz=".$this->db_add_param($this->gruppe_kurzbz).")";
 			}
 			else
 			{
 				if ($this->ver!=null && $this->ver!='' && $this->ver!=' ')
-					$sql_query.=" AND (verband='".addslashes($this->ver)."' OR verband IS NULL OR verband='' OR verband=' ')";
+					$sql_query.=" AND (verband=".$this->db_add_param($this->ver)." OR verband IS NULL OR verband='' OR verband=' ')";
 				if ($this->grp!=null && $this->grp!='' && $this->grp!=' ')
-					$sql_query.=" AND (gruppe='".addslashes($this->grp)."' OR gruppe IS NULL OR gruppe='' OR gruppe=' ')";
+					$sql_query.=" AND (gruppe=".$this->db_add_param($this->grp)." OR gruppe IS NULL OR gruppe='' OR gruppe=' ')";
 			}
 			
 			$sql_query.=")";
 		}
-		$sql_query.=") AND unr!='".addslashes($this->unr)."'";
+		$sql_query.=") AND unr!=".$this->db_add_param($this->unr);
 
 		if (!$erg_stpl = $this->db_query($sql_query))
 		{
@@ -621,9 +621,9 @@ class lehrstunde extends basis_db
 		$sql_query="SELECT 
 						zeitsperre_id,zeitsperretyp_kurzbz,mitarbeiter_uid AS lektor,vondatum,vonstunde,bisdatum,bisstunde
 					FROM campus.tbl_zeitsperre
-					WHERE mitarbeiter_uid='".addslashes($this->lektor_uid)."'
-						AND (vondatum<'".addslashes($this->datum)."' OR (vondatum='".addslashes($this->datum)."' AND (vonstunde<='".addslashes($this->stunde)."' OR vonstunde IS NULL)))
-						AND (bisdatum>'".addslashes($this->datum)."' OR (bisdatum='".addslashes($this->datum)."' AND (bisstunde>='".addslashes($this->stunde)."' OR bisstunde IS NULL)));";
+					WHERE mitarbeiter_uid=".$this->db_add_param($this->lektor_uid)."
+						AND (vondatum<".$this->db_add_param($this->datum)." OR (vondatum=".$this->db_add_param($this->datum)." AND (vonstunde<=".$this->db_add_param($this->stunde)." OR vonstunde IS NULL)))
+						AND (bisdatum>".$this->db_add_param($this->datum)." OR (bisdatum=".$this->db_add_param($this->datum)." AND (bisstunde>=".$this->db_add_param($this->stunde)." OR bisstunde IS NULL)));";
 
 		if (!$erg_zs = $this->db_query($sql_query))
 		{
@@ -653,20 +653,20 @@ class lehrstunde extends basis_db
 						semester, verband, gruppe, gruppe_kurzbz, datum, stunde
 					FROM lehre.vw_reservierung
 					WHERE 
-						datum='".addslashes($this->datum)."' AND 
-						stunde='".addslashes($this->stunde)."' AND 
-						(ort_kurzbz='".addslashes($this->ort_kurzbz)."' OR ";
+						datum=".$this->db_add_param($this->datum)." AND 
+						stunde=".$this->db_add_param($this->stunde)." AND 
+						(ort_kurzbz=".$this->db_add_param($this->ort_kurzbz)." OR ";
 		
 		if ($this->lektor_uid!='_DummyLektor')
-			$sql_query.="(uid='".addslashes($this->lektor_uid)."' AND uid!='_DummyLektor') OR ";
+			$sql_query.="(uid=".$this->db_add_param($this->lektor_uid)." AND uid!='_DummyLektor') OR ";
 		
-		$sql_query.="(studiengang_kz='".addslashes($this->studiengang_kz)."' AND semester='".addslashes($this->sem)."'";
+		$sql_query.="(studiengang_kz=".$this->db_add_param($this->studiengang_kz)." AND semester=".$this->db_add_param($this->sem);
 		if ($this->ver!=null && $this->ver!='' && $this->ver!=' ')
-			$sql_query.=" AND (verband='".addslashes($this->ver)."' OR verband IS NULL OR verband='' OR verband=' ')";
+			$sql_query.=" AND (verband=".$this->db_add_param($this->ver)." OR verband IS NULL OR verband='' OR verband=' ')";
 		if ($this->grp!=null && $this->grp!='' && $this->grp!=' ')
-			$sql_query.=" AND (gruppe='".addslashes($this->grp)."' OR gruppe IS NULL OR gruppe='' OR gruppe=' ')";
+			$sql_query.=" AND (gruppe=".$this->db_add_param($this->grp)." OR gruppe IS NULL OR gruppe='' OR gruppe=' ')";
 		if ($this->gruppe_kurzbz!=null && $this->gruppe_kurzbz!='' && $this->gruppe_kurzbz!=' ')
-			$sql_query.=" AND (gruppe_kurzbz='".addslashes($this->gruppe_kurzbz)."')";
+			$sql_query.=" AND (gruppe_kurzbz=".$this->db_add_param($this->gruppe_kurzbz).")";
 		$sql_query.="))";
 		
 		if (!$erg_res = $this->db_query($sql_query))
@@ -701,34 +701,34 @@ class lehrstunde extends basis_db
 		
 		$sql_query = "SELECT *
 			FROM ".$stpl_table."_student_unr
-			WHERE datum='".addslashes($this->datum)."' AND stunde='".addslashes($this->stunde)."' AND student_uid IN(
+			WHERE datum=".$this->db_add_param($this->datum)." AND stunde=".$this->db_add_param($this->stunde)." AND student_uid IN(
 			SELECT uid FROM public.vw_gruppen WHERE 
 			
 		   ";
-		$sql_query.="(studiengang_kz='".addslashes($this->studiengang_kz)."' AND semester='".addslashes($this->sem)."'
+		$sql_query.="(studiengang_kz=".$this->db_add_param($this->studiengang_kz)." AND semester=".$this->db_add_param($this->sem)."
 			AND studiensemester_kurzbz=(
 					SELECT tbl_studiensemester.studiensemester_kurzbz
 					FROM 
 						public.tbl_studiensemester
                    	WHERE 
-                   		tbl_studiensemester.ende >= '".addslashes($this->datum)."'
-                    	AND tbl_studiensemester.start <='".addslashes($this->datum)."' LIMIT 1)";
+                   		tbl_studiensemester.ende >= ".$this->db_add_param($this->datum)."
+                    	AND tbl_studiensemester.start <=".$this->db_add_param($this->datum)." LIMIT 1)";
 		if ($this->gruppe_kurzbz!=null && $this->gruppe_kurzbz!='' && $this->gruppe_kurzbz!=' ')
-			$sql_query.=" AND (gruppe_kurzbz='".addslashes($this->gruppe_kurzbz)."')";
+			$sql_query.=" AND (gruppe_kurzbz=".$this->db_add_param($this->gruppe_kurzbz).")";
 		else 
 		{
 			if ($this->ver!=null && $this->ver!='' && $this->ver!=' ')
-				$sql_query.=" AND (verband='".addslashes($this->ver)."')";
+				$sql_query.=" AND (verband=".$this->db_add_param($this->ver).")";
 			else 
 				$sql_query.=" AND (verband IS NULL OR verband='' OR verband=' ')";
 			if ($this->grp!=null && $this->grp!='' && $this->grp!=' ')
-				$sql_query.=" AND (gruppe='".addslashes($this->grp)."')";
+				$sql_query.=" AND (gruppe=".$this->db_add_param($this->grp).")";
 			else 
 				$sql_query.=" AND (gruppe IS NULL OR gruppe='' OR gruppe=' ')";
 		}
 		
 		
-		$sql_query.=")) AND unr!='".addslashes($this->unr)."'";
+		$sql_query.=")) AND unr!=".$this->db_add_param($this->unr);
 		
 		if (!$erg_stpl=$this->db_query($sql_query))
 		{
diff --git a/include/lehrveranstaltung.class.php b/include/lehrveranstaltung.class.php
index 65e239da4..47ed94e75 100644
--- a/include/lehrveranstaltung.class.php
+++ b/include/lehrveranstaltung.class.php
@@ -585,7 +585,7 @@ class lehrveranstaltung extends basis_db
 		}*/
 
 		$qry='SELECT count(*) as count FROM lehre.tbl_lehrveranstaltung
-			WHERE studiengang_kz='.$studiengang_kz.' AND orgform_kurzbz'.(is_null($orgform_kurzbz)?' is null':"='".$orgform_kurzbz."'");
+			WHERE studiengang_kz='.$this->db_add_param($studiengang_kz).' AND orgform_kurzbz'.(is_null($orgform_kurzbz)?' is null':"=".$this->db_add_param($orgform_kurzbz));
 		//echo $qry;
 		$return=array();
 		if($db_result=$this->db_query($qry))
diff --git a/include/lehrverband.class.php b/include/lehrverband.class.php
index 0b0f77afc..3143a92e9 100644
--- a/include/lehrverband.class.php
+++ b/include/lehrverband.class.php
@@ -194,7 +194,7 @@ class lehrverband extends basis_db
 		}
 		else
 		{
-			$this->errormsg = 'Fehler beim Lesen der Lehrverbaende '.$qry;
+			$this->errormsg = 'Fehler beim Lesen der Lehrverbaende ';
 			return false;
 		}
 	}
@@ -222,7 +222,7 @@ class lehrverband extends basis_db
 		}
 		else
 		{
-			$this->errormsg = 'Fehler beim Lesen der Semester '.$qry;
+			$this->errormsg = 'Fehler beim Lesen der Semester ';
 			return false;
 		}
 	}
@@ -249,7 +249,7 @@ class lehrverband extends basis_db
 		}
 		else
 		{
-			$this->errormsg = 'Fehler beim Lesen der Lehrverbaende '.$qry;
+			$this->errormsg = 'Fehler beim Lesen der Lehrverbaende ';
 			return false;
 		}
 	}
@@ -279,7 +279,7 @@ class lehrverband extends basis_db
 		}
 		else
 		{
-			$this->errormsg = 'Fehler beim Lesen der Lehrverbaende '.$qry;
+			$this->errormsg = 'Fehler beim Lesen der Lehrverbaende ';
 			return false;
 		}
 	}
@@ -329,7 +329,7 @@ class lehrverband extends basis_db
 		}
 		else
 		{
-			$this->errormsg = 'Fehler beim Speichern des Lehrverbands:'.$qry;
+			$this->errormsg = 'Fehler beim Speichern des Lehrverbands:';
 			return false;
 		}
 	}
diff --git a/include/mitarbeiter.class.php b/include/mitarbeiter.class.php
index dfb2588e8..2c325ea99 100644
--- a/include/mitarbeiter.class.php
+++ b/include/mitarbeiter.class.php
@@ -443,7 +443,7 @@ class mitarbeiter extends benutzer
 			$in='';
 			foreach ($stge as $stg)
 			{
-				$in.=','.$stg;
+				$in.=','.$this->db_add_param($stg, FHC_INTEGER);
 				if($stg==0)
 				{
 					$in='';
diff --git a/include/news.class.php b/include/news.class.php
index 09d4c435b..50c0f4474 100644
--- a/include/news.class.php
+++ b/include/news.class.php
@@ -84,15 +84,15 @@ class news extends basis_db
 			if(is_null($fachbereich_kurzbz) || trim($fachbereich_kurzbz)=='')
 				$qry.=' AND fachbereich_kurzbz is null';	
 			else 
-				$qry.=" AND fachbereich_kurzbz='".addslashes(trim($fachbereich_kurzbz))."'";
+				$qry.=" AND fachbereich_kurzbz=".$this->db_add_param(trim($fachbereich_kurzbz));
 		}
 				
 		if(trim($studiengang_kz)=='0')
-			$qry.=" AND studiengang_kz='".$studiengang_kz."' ".(trim($semester)!=''?(trim($semester)=='0'?' AND semester=0':''):' AND semester is null');
+			$qry.=" AND studiengang_kz=".$this->db_add_param($studiengang_kz)." ".(trim($semester)!=''?(trim($semester)=='0'?' AND semester=0':''):' AND semester is null');
 		elseif(trim($studiengang_kz)=='')
 			$qry.='';
 		else
-			$qry.=" AND ((studiengang_kz='".trim($studiengang_kz)."' AND semester='".trim($semester)."') OR (studiengang_kz='".trim($studiengang_kz)."' AND semester=0) OR (studiengang_kz=0 AND semester='".trim($semester)."') ".($mischen===true?"OR (studiengang_kz=0 and semester is null)":"").")";	
+			$qry.=" AND ((studiengang_kz=".$this->db_add_param(trim($studiengang_kz))." AND semester=".$this->db_add_param(trim($semester)).") OR (studiengang_kz=".$this->db_add_param(trim($studiengang_kz))." AND semester=0) OR (studiengang_kz=0 AND semester=".$this->db_add_param(trim($semester)).") ".($mischen===true?"OR (studiengang_kz=0 and semester is null)":"").")";	
 		$qry.=' ORDER BY datum DESC';
 		if(trim($maxnews)!='0')
 			$qry.= " LIMIT ".trim($maxnews);
@@ -144,7 +144,7 @@ class news extends basis_db
 			return false;
 		}
 		
-		$qry = "SELECT * FROM campus.tbl_news WHERE news_id = '$news_id';";
+		$qry = "SELECT * FROM campus.tbl_news WHERE news_id=".$this->db_add_param($news_id, FHC_INTEGER).";";
 		
 		if(!$this->db_query($qry))
 		{
@@ -196,10 +196,9 @@ class news extends basis_db
 		if($this->load($news_id))
 		{
 			$qry = "
-				DELETE FROM campus.tbl_news WHERE news_id='".addslashes($news_id)."';
-				DELETE FROM campus.tbl_contentsprache WHERE content_id='".addslashes($this->content_id)."';
-				DELETE FROM campus.tbl_content WHERE content_id='".addslashes($this->content_id)."';
-				";
+				DELETE FROM campus.tbl_news WHERE news_id=".$this->db_add_param($news_id, FHC_INTEGER)."
+				DELETE FROM campus.tbl_contentsprache WHERE content_id=".$this->db_add_param($this->content_id, FHC_INTEGER)."
+				DELETE FROM campus.tbl_content WHERE content_id=".$this->db_add_param($this->content_id, FHC_INTEGER);
 			
 			if($this->db_query($qry))
 				return true;
@@ -241,17 +240,17 @@ class news extends basis_db
 						
 			$qry = 'BEGIN;INSERT INTO campus.tbl_news (semester, fachbereich_kurzbz, uid, studiengang_kz, datum, datum_bis, 
 						insertamum, insertvon, updateamum, updatevon, content_id) VALUES ('.
-				$this->addslashes($this->semester).', '.
-				$this->addslashes($this->fachbereich_kurzbz).', '.
-				$this->addslashes($this->uid).', '.
-				$this->addslashes($this->studiengang_kz).', '.
-				$this->addslashes($this->datum).', '.
-				$this->addslashes($this->datum_bis).', '.
-				$this->addslashes($this->insertamum).', '.
-				$this->addslashes($this->insertvon).', '.
-				$this->addslashes($this->updateamum).', '.
-				$this->addslashes($this->updatevon).','.
-				$this->addslashes($this->content_id).'); ';
+				$this->db_add_param($this->semester).', '.
+				$this->db_add_param($this->fachbereich_kurzbz).', '.
+				$this->db_add_param($this->uid).', '.
+				$this->db_add_param($this->studiengang_kz).', '.
+				$this->db_add_param($this->datum).', '.
+				$this->db_add_param($this->datum_bis).', '.
+				$this->db_add_param($this->insertamum).', '.
+				$this->db_add_param($this->insertvon).', '.
+				$this->db_add_param($this->updateamum).', '.
+				$this->db_add_param($this->updatevon).','.
+				$this->db_add_param($this->content_id, FHC_INTEGER).'); ';
 				
 		}
 		else 
@@ -266,18 +265,18 @@ class news extends basis_db
 			}
 			
 			$qry = 'UPDATE campus.tbl_news SET '. 
-				'semester='.$this->addslashes($this->semester).', '.
-				'fachbereich_kurzbz='.$this->addslashes($this->fachbereich_kurzbz).', '.
-				'uid='.$this->addslashes($this->uid).', '.
-				'studiengang_kz='.$this->addslashes($this->studiengang_kz).', '.
-				'datum='.$this->addslashes($this->datum).', '.
-				'datum_bis='.$this->addslashes($this->datum_bis).', '.
-				'insertamum='.$this->addslashes($this->insertamum).', '.
-				'insertvon='.$this->addslashes($this->insertvon).', '.
-				'updateamum='.$this->addslashes($this->updateamum).', '.
-				'updatevon='.$this->addslashes($this->updatevon).', '.
-				'content_id='.$this->addslashes($this->content_id).' '.
-				'WHERE news_id = '.$this->addslashes($this->news_id).';';
+				'semester='.$this->db_add_param($this->semester).', '.
+				'fachbereich_kurzbz='.$this->db_add_param($this->fachbereich_kurzbz).', '.
+				'uid='.$this->db_add_param($this->uid).', '.
+				'studiengang_kz='.$this->db_add_param($this->studiengang_kz).', '.
+				'datum='.$this->db_add_param($this->datum).', '.
+				'datum_bis='.$this->db_add_param($this->datum_bis).', '.
+				'insertamum='.$this->db_add_param($this->insertamum).', '.
+				'insertvon='.$this->db_add_param($this->insertvon).', '.
+				'updateamum='.$this->db_add_param($this->updateamum).', '.
+				'updatevon='.$this->db_add_param($this->updatevon).', '.
+				'content_id='.$this->db_add_param($this->content_id, FHC_INTEGER).' '.
+				'WHERE news_id = '.$this->db_add_param($this->news_id, FHC_INTEGER).';';
 		}
 		
 		if($this->db_query($qry))
@@ -315,4 +314,4 @@ class news extends basis_db
 		}		
 	}
 }
-?>
\ No newline at end of file
+?>
diff --git a/include/note.class.php b/include/note.class.php
index c8ed3f908..d0c2e3595 100644
--- a/include/note.class.php
+++ b/include/note.class.php
@@ -67,7 +67,7 @@ class note extends basis_db
 			return false;
 		}
 
-		$qry = "SELECT * FROM lehre.tbl_note WHERE note='".$note."'";
+		$qry = "SELECT * FROM lehre.tbl_note WHERE note=".$this->db_add_param($note);
 
 		if($this->db_query($qry))
 		{
diff --git a/include/organisationseinheit.class.php b/include/organisationseinheit.class.php
index 09c56181a..e0122208c 100644
--- a/include/organisationseinheit.class.php
+++ b/include/organisationseinheit.class.php
@@ -195,7 +195,7 @@ class organisationseinheit extends basis_db
 			WITH RECURSIVE oes(oe_kurzbz, oe_parent_kurzbz) as 
 			(
 				SELECT oe_kurzbz, oe_parent_kurzbz FROM public.tbl_organisationseinheit 
-				WHERE oe_kurzbz='".addslashes($oe_kurzbz)."'
+				WHERE oe_kurzbz=".$this->db_add_param($oe_kurzbz)."
 				UNION ALL
 				SELECT o.oe_kurzbz, o.oe_parent_kurzbz FROM public.tbl_organisationseinheit o, oes 
 				WHERE o.oe_parent_kurzbz=oes.oe_kurzbz
@@ -219,7 +219,7 @@ class organisationseinheit extends basis_db
 		else 
 		{		
 			//vor 8.4 muss die Rekursion in PHP aufgeloest werden
-			$qry = "SELECT * FROM public.tbl_organisationseinheit WHERE oe_parent_kurzbz = '$oe_kurzbz'";
+			$qry = "SELECT * FROM public.tbl_organisationseinheit WHERE oe_parent_kurzbz = ".$this->db_add_param($oe_kurzbz);
 		
 			if($myresult = $this->db_query($qry))
 			{
@@ -245,7 +245,7 @@ class organisationseinheit extends basis_db
 	public function getDirectChilds($oe_kurzbz)
 	{		
 		$childs = array();
-		$qry = "SELECT * FROM public.tbl_organisationseinheit WHERE oe_parent_kurzbz = '$oe_kurzbz' ORDER BY organisationseinheittyp_kurzbz DESC, bezeichnung";
+		$qry = "SELECT * FROM public.tbl_organisationseinheit WHERE oe_parent_kurzbz = ".$this->db_add_param($oe_kurzbz)." ORDER BY organisationseinheittyp_kurzbz DESC, bezeichnung";
 		
 		if($this->db_query($qry))
 		{
@@ -531,26 +531,26 @@ class organisationseinheit extends basis_db
 	    
 	    if($this->db_query($qry))
 	    {
-		while($row = $this->db_fetch_object())
-		{
-		    $obj = new organisationseinheit();
+			while($row = $this->db_fetch_object())
+			{
+				$obj = new organisationseinheit();
 
-		    $obj->oe_kurzbz = $row->oe_kurzbz;
-		    $obj->oe_parent_kurzbz = $row->oe_parent_kurzbz;
-		    $obj->bezeichnung = $row->bezeichnung;
-		    $obj->organisationseinheittyp_kurzbz = $row->organisationseinheittyp_kurzbz;
-		    $obj->aktiv = $this->db_parse_bool($row->aktiv);
-		    $obj->mailverteiler = $this->db_parse_bool($row->mailverteiler);
-		    $obj->lehre = $this->db_parse_bool($row->lehre);
+				$obj->oe_kurzbz = $row->oe_kurzbz;
+				$obj->oe_parent_kurzbz = $row->oe_parent_kurzbz;
+				$obj->bezeichnung = $row->bezeichnung;
+				$obj->organisationseinheittyp_kurzbz = $row->organisationseinheittyp_kurzbz;
+				$obj->aktiv = $this->db_parse_bool($row->aktiv);
+				$obj->mailverteiler = $this->db_parse_bool($row->mailverteiler);
+				$obj->lehre = $this->db_parse_bool($row->lehre);
 
-		    $this->result[] = $obj;
-		}
-		return true;
+				$this->result[] = $obj;
+			}
+			return true;
 	    }
 	    else 
 	    {
-		$this->errormsg = 'Fehler beim Laden der Organisationseinheiten';
-		return false;
+			$this->errormsg = 'Fehler beim Laden der Organisationseinheiten';
+			return false;
 	    }
 	}
 	
@@ -562,32 +562,32 @@ class organisationseinheit extends basis_db
 	public function search($searchItem)
 	{
 	    $qry = 'SELECT * FROM public.tbl_organisationseinheit WHERE 
-	    		(LOWER(bezeichnung) LIKE LOWER(\'%'.(implode(' ',$searchItem)).'%\') OR
-	    		LOWER(organisationseinheittyp_kurzbz) LIKE LOWER(\'%'.(implode(' ',$searchItem)).'%\'))
+	    		(LOWER(bezeichnung) LIKE LOWER(\'%'.$this->db_escape((implode(' ',$searchItem))).'%\') OR
+	    		LOWER(organisationseinheittyp_kurzbz) LIKE LOWER(\'%'.$this->db_escape((implode(' ',$searchItem))).'%\'))
 	    		ORDER BY organisationseinheittyp_kurzbz, bezeichnung;';
 	    
 	    if($this->db_query($qry))
 	    {
-		while($row = $this->db_fetch_object())
-		{
-		    $obj = new organisationseinheit();
+			while($row = $this->db_fetch_object())
+			{
+				$obj = new organisationseinheit();
 
-		    $obj->oe_kurzbz = $row->oe_kurzbz;
-		    $obj->oe_parent_kurzbz = $row->oe_parent_kurzbz;
-		    $obj->bezeichnung = $row->bezeichnung;
-		    $obj->organisationseinheittyp_kurzbz = $row->organisationseinheittyp_kurzbz;
-		    $obj->aktiv = $this->db_parse_bool($row->aktiv);
-		    $obj->mailverteiler = $this->db_parse_bool($row->mailverteiler);
-		    $obj->lehre = $this->db_parse_bool($row->lehre);
+				$obj->oe_kurzbz = $row->oe_kurzbz;
+				$obj->oe_parent_kurzbz = $row->oe_parent_kurzbz;
+				$obj->bezeichnung = $row->bezeichnung;
+				$obj->organisationseinheittyp_kurzbz = $row->organisationseinheittyp_kurzbz;
+				$obj->aktiv = $this->db_parse_bool($row->aktiv);
+				$obj->mailverteiler = $this->db_parse_bool($row->mailverteiler);
+				$obj->lehre = $this->db_parse_bool($row->lehre);
 
-		    $this->result[] = $obj;
-		}
-		return true;
+				$this->result[] = $obj;
+			}
+			return true;
 	    }
 	    else 
 	    {
-		$this->errormsg = 'Fehler beim Laden der Organisationseinheiten';
-		return false;
+			$this->errormsg = 'Fehler beim Laden der Organisationseinheiten';
+			return false;
 	    }
 	}
 	
@@ -655,32 +655,32 @@ class organisationseinheit extends basis_db
 		if(!is_null($aktiv))
 			$qry.=" WHERE aktiv=".$this->db_add_param($aktiv, FHC_BOOLEAN);
 
-		$qry .=" ) AS a
+		$qry .=" ) AS a
 				GROUP BY oe_kurzbz,oe_parent_kurzbz,bezeichnung,organisationseinheittyp_kurzbz,aktiv,lehre
 				ORDER BY anzahl DESC, bezeichnung";
 
 	    if($this->db_query($qry))
 	    {
-		while($row = $this->db_fetch_object())
-		{
-		    $obj = new organisationseinheit();
+			while($row = $this->db_fetch_object())
+			{
+				$obj = new organisationseinheit();
 
-		    $obj->oe_kurzbz = $row->oe_kurzbz;
-		    $obj->oe_parent_kurzbz = $row->oe_parent_kurzbz;
-		    $obj->bezeichnung = $row->bezeichnung;
-		    $obj->organisationseinheittyp_kurzbz = $row->organisationseinheittyp_kurzbz;
-		    $obj->aktiv = $this->db_parse_bool($row->aktiv);
-		    $obj->lehre = $this->db_parse_bool($row->lehre);
-		    $obj->anzahl = $row->anzahl;
+				$obj->oe_kurzbz = $row->oe_kurzbz;
+				$obj->oe_parent_kurzbz = $row->oe_parent_kurzbz;
+				$obj->bezeichnung = $row->bezeichnung;
+				$obj->organisationseinheittyp_kurzbz = $row->organisationseinheittyp_kurzbz;
+				$obj->aktiv = $this->db_parse_bool($row->aktiv);
+				$obj->lehre = $this->db_parse_bool($row->lehre);
+				$obj->anzahl = $row->anzahl;
 
-		    $this->result[] = $obj;
-		}
-		return true;
+				$this->result[] = $obj;
+			}
+			return true;
 	    }
 	    else 
 	    {
-		$this->errormsg = 'Fehler beim Laden der Organisationseinheiten';
-		return false;
+			$this->errormsg = 'Fehler beim Laden der Organisationseinheiten';
+			return false;
 	    }
 	}
 }
diff --git a/include/preincoming.class.php b/include/preincoming.class.php
index 87d544d4f..ddb03915d 100644
--- a/include/preincoming.class.php
+++ b/include/preincoming.class.php
@@ -96,7 +96,7 @@ class preincoming extends basis_db
 		}
 
 		//Daten aus der Datenbank lesen
-		$qry = "SELECT * FROM public.tbl_preincoming WHERE preincoming_id='".addslashes($preincoming_id)."'";
+		$qry = "SELECT * FROM public.tbl_preincoming WHERE preincoming_id=".$this->db_add_param($preincoming_id, FHC_INTEGER);
 
 		if(!$this->db_query($qry))
 		{
@@ -113,13 +113,13 @@ class preincoming extends basis_db
 			$this->firma_id = $row->firma_id;
 			$this->anmerkung = $row->anmerkung;
 			$this->universitaet = $row->universitaet;
-			$this->aktiv = ($row->aktiv=='t'?true:false);
-			$this->bachelorthesis = ($row->bachelorthesis=='t'?true:false);
-			$this->masterthesis = ($row->masterthesis=='t'?true:false);
+			$this->aktiv = $this->db_parse_bool($row->aktiv);
+			$this->bachelorthesis = $this->db_parse_bool($row->bachelorthesis);
+			$this->masterthesis = $this->db_parse_bool($row->masterthesis);
 			$this->von = $row->von;
 			$this->bis = $row->bis;
 			$this->code = $row->code; 
-			$this->uebernommen = ($row->uebernommen=='t'?true:false);
+			$this->uebernommen = $this->db_parse_bool($row->uebernommen);
 			$this->updateamum = $row->updateamum;
 			$this->updatevon = $row->updatevon;
 			$this->insertamum = $row->insertamum;
@@ -134,15 +134,15 @@ class preincoming extends basis_db
 			$this->zgvmaster_datum = $row->zgvmaster_datum; 
 			$this->zgvmaster_ort = $row->zgvmaster_ort; 
 			$this->program_name = $row->program_name; 
-			$this->bachelor = ($row->bachelor=='t'?true:false);
-			$this->master = ($row->master=='t'?true:false); 
+			$this->bachelor = $this->db_parse_bool($row->bachelor);
+			$this->master = $this->db_parse_bool($row->master); 
 			$this->jahre = $row->jahre; 
 			$this->person_id_emergency = $row->person_id_emergency; 
 			$this->person_id_coordinator_dep = $row->person_id_coordinator_dep; 
 			$this->person_id_coordinator_int = $row->person_id_coordinator_int; 
-			$this->deutschkurs1 = ($row->deutschkurs1=='t'?true:false);
-			$this->deutschkurs2 = ($row->deutschkurs2=='t'?true:false);
-			$this->deutschkurs3 = ($row->deutschkurs3=='t'?true:false);
+			$this->deutschkurs1 = $this->db_parse_bool($row->deutschkurs1);
+			$this->deutschkurs2 = $this->db_parse_bool($row->deutschkurs2);
+			$this->deutschkurs3 = $this->db_parse_bool($row->deutschkurs3);
 			$this->research_area = $row->research_area; 
 		}
 		else
@@ -161,7 +161,7 @@ class preincoming extends basis_db
 	 */
 	public function loadFromPerson($person_id)
 	{
-		$qry = "SELECT * FROM public.tbl_preincoming WHERE person_id='".addslashes($person_id)."'";
+		$qry = "SELECT * FROM public.tbl_preincoming WHERE person_id=".$this->db_add_param($person_id, FHC_INTEGER);
 		
 		if($result = $this->db_query($qry))
 		{
@@ -176,13 +176,13 @@ class preincoming extends basis_db
 				$obj->firma_id = $row->firma_id;
 				$obj->anmerkung = $row->anmerkung;
 				$obj->universitaet = $row->universitaet;
-				$obj->aktiv = ($row->aktiv=='t'?true:false);
-				$obj->bachelorthesis = ($row->bachelorthesis=='t'?true:false);
-				$obj->masterthesis = ($row->masterthesis=='t'?true:false);
+				$obj->aktiv = $this->db_parse_bool($row->aktiv);
+				$obj->bachelorthesis = $this->db_parse_bool($row->bachelorthesis);
+				$obj->masterthesis = $this->db_parse_bool($row->masterthesis);
 				$obj->von = $row->von;
 				$obj->bis = $row->bis;
 				$obj->code = $row->code; 
-				$obj->uebernommen = ($row->uebernommen=='t'?true:false);
+				$obj->uebernommen = $this->db_parse_bool($row->uebernommen);
 				$obj->updateamum = $row->updateamum;
 				$obj->updatevon = $row->updatevon;
 				$obj->insertamum = $row->insertamum;
@@ -197,15 +197,15 @@ class preincoming extends basis_db
 				$obj->zgvmaster_datum = $row->zgvmaster_datum; 
 				$obj->zgvmaster_ort = $row->zgvmaster_ort; 
 				$obj->program_name = $row->program_name; 
-				$obj->bachelor = ($row->bachelor=='t'?true:false); 
-				$obj->master = ($row->master=='t'?true:false); 
+				$obj->bachelor = $this->db_parse_bool($row->bachelor); 
+				$obj->master = $this->db_parse_bool($row->master); 
 				$obj->jahre = $row->jahre; 
 				$obj->person_id_emergency = $row->person_id_emergency; 
 				$obj->person_id_coordinator_dep = $row->person_id_coordinator_dep; 
 				$obj->person_id_coordinator_int = $row->person_id_coordinator_int; 
-				$obj->deutschkurs1 = ($row->deutschkurs1=='t'?true:false);
-				$obj->deutschkurs2 = ($row->deutschkurs2=='t'?true:false);
-				$obj->deutschkurs3 = ($row->deutschkurs3=='t'?true:false);
+				$obj->deutschkurs1 = $this->db_parse_bool($row->deutschkurs1);
+				$obj->deutschkurs2 = $this->db_parse_bool($row->deutschkurs2);
+				$obj->deutschkurs3 = $this->db_parse_bool($row->deutschkurs3);
 				$obj->research_area = $row->research_area; 
 			
 				$this->result[] = $obj;
@@ -265,40 +265,40 @@ class preincoming extends basis_db
 					bachelor, master, jahre, person_id_emergency, person_id_coordinator_dep, person_id_coordinator_int,
 					deutschkurs1, deutschkurs2, deutschkurs3, research_area)
 				  VALUES('.
-			      $this->addslashes($this->person_id).', '.
-			      $this->addslashes($this->mobilitaetsprogramm_code).', '.
-			      $this->addslashes($this->zweck_code).', '.
-			      $this->addslashes($this->firma_id).', '.
-			      $this->addslashes($this->anmerkung).', '.
-			      $this->addslashes($this->universitaet).', '.
-			      ($this->aktiv?'true':'false').', '.
-			      ($this->bachelorthesis?'true':'false').', '.
-			      ($this->masterthesis?'true':'false').', '.
-			      $this->addslashes($this->von).', '.
-			      $this->addslashes($this->bis).', '.
-			      $this->addslashes($this->code).', '.
-			      ($this->uebernommen?'true':'false').', now(), '.
-			      $this->addslashes($this->insertvon).', now(), '.
-			      $this->addslashes($this->updatevon).', '.  
-			      $this->addslashes($this->zgv).', '. 
-				  $this->addslashes($this->zgv_ort).', '.
-				  $this->addslashes($this->zgv_datum).', '. 
-				  $this->addslashes($this->zgv_name).', '. 
-				  $this->addslashes($this->zgvmaster).', '.
-				  $this->addslashes($this->zgvmaster_name).', '.
-				  $this->addslashes($this->zgvmaster_datum).', '. 
-				  $this->addslashes($this->zgvmaster_ort).', '.
-				  $this->addslashes($this->program_name).', '.
-				   ($this->bachelor?'true':'false').', '.
-				   ($this->master?'true':'false').', '.
-				  $this->addslashes($this->jahre).', '.
-				  $this->addslashes($this->person_id_emergency).', '.
-				  $this->addslashes($this->person_id_coordinator_dep).', '.
-				  $this->addslashes($this->person_id_coordinator_int).', '.
-				  ($this->deutschkurs1?'true':'false').', '.
-				  ($this->deutschkurs2?'true':'false').', '.
-				  ($this->deutschkurs3?'true':'false').', '.				  
-				  $this->addslashes($this->research_area).' );';  		      
+			      $this->db_add_param($this->person_id).', '.
+			      $this->db_add_param($this->mobilitaetsprogramm_code).', '.
+			      $this->db_add_param($this->zweck_code).', '.
+			      $this->db_add_param($this->firma_id).', '.
+			      $this->db_add_param($this->anmerkung).', '.
+			      $this->db_add_param($this->universitaet).', '.
+			      $this->db_add_param($this->aktiv, FHC_BOOLEAN).', '.
+			      $this->db_add_param($this->bachelorthesis, FHC_BOOLEAN).', '.
+			      $this->db_add_param($this->masterthesis, FHC_BOOLEAN).', '.
+			      $this->db_add_param($this->von).', '.
+			      $this->db_add_param($this->bis).', '.
+			      $this->db_add_param($this->code).', '.
+			      $this->db_add_param($this->uebernommen, FHC_BOOLEAN).', now(), '.
+			      $this->db_add_param($this->insertvon).', now(), '.
+			      $this->db_add_param($this->updatevon).', '.  
+			      $this->db_add_param($this->zgv).', '. 
+				  $this->db_add_param($this->zgv_ort).', '.
+				  $this->db_add_param($this->zgv_datum).', '. 
+				  $this->db_add_param($this->zgv_name).', '. 
+				  $this->db_add_param($this->zgvmaster).', '.
+				  $this->db_add_param($this->zgvmaster_name).', '.
+				  $this->db_add_param($this->zgvmaster_datum).', '. 
+				  $this->db_add_param($this->zgvmaster_ort).', '.
+				  $this->db_add_param($this->program_name).', '.
+				  $this->db_add_param($this->bachelor, FHC_BOOLEAN).', '.
+				  $this->db_add_param($this->master, FHC_BOOLEAN).', '.
+				  $this->db_add_param($this->jahre).', '.
+				  $this->db_add_param($this->person_id_emergency).', '.
+				  $this->db_add_param($this->person_id_coordinator_dep).', '.
+				  $this->db_add_param($this->person_id_coordinator_int).', '.
+				  $this->db_add_param($this->deutschkurs1, FHC_BOOLEAN).', '.
+				  $this->db_add_param($this->deutschkurs2, FHC_BOOLEAN).', '.
+				  $this->db_add_param($this->deutschkurs3, FHC_BOOLEAN).', '.				  
+				  $this->db_add_param($this->research_area).' );';  		      
 		}
 		else
 		{
@@ -309,41 +309,41 @@ class preincoming extends basis_db
 				return false;
 			}
 			$qry='UPDATE public.tbl_preincoming SET'.
-				' person_id='.$this->addslashes($this->person_id).', '.
-				' mobilitaetsprogramm_code='.$this->addslashes($this->mobilitaetsprogramm_code).', '.
-				' zweck_code='.$this->addslashes($this->zweck_code).', '.
-				' firma_id='.$this->addslashes($this->firma_id).', '.
-		      	' anmerkung='.$this->addslashes($this->anmerkung).', '.
-		      	' universitaet='.$this->addslashes($this->universitaet).', '.
-		      	' aktiv='.($this->aktiv?'true':'false').', '.
-				' bachelorthesis='.($this->bachelorthesis?'true':'false').', '.
-				' masterthesis='.($this->masterthesis?'true':'false').', '.
-		      	' von='.$this->addslashes($this->von).', '.
-		      	' bis='.$this->addslashes($this->bis).','.
-				' code='.$this->addslashes($this->code).','.
-				' uebernommen='.($this->uebernommen?'true':'false').', '.
+				' person_id='.$this->db_add_param($this->person_id).', '.
+				' mobilitaetsprogramm_code='.$this->db_add_param($this->mobilitaetsprogramm_code).', '.
+				' zweck_code='.$this->db_add_param($this->zweck_code).', '.
+				' firma_id='.$this->db_add_param($this->firma_id).', '.
+		      	' anmerkung='.$this->db_add_param($this->anmerkung).', '.
+		      	' universitaet='.$this->db_add_param($this->universitaet).', '.
+		      	' aktiv='.$this->db_add_param($this->aktiv, FHC_BOOLEAN).', '.
+				' bachelorthesis='.$this->db_add_param($this->bachelorthesis, FHC_BOOLEAN).', '.
+				' masterthesis='.$this->db_add_param($this->masterthesis, FHC_BOOLEAN).', '.
+		      	' von='.$this->db_add_param($this->von).', '.
+		      	' bis='.$this->db_add_param($this->bis).','.
+				' code='.$this->db_add_param($this->code).','.
+				' uebernommen='.$this->db_add_param($this->uebernommen, FHC_BOOLEAN).', '.
 		      	' updateamum=now() ,'.
-		      	' updatevon='.$this->addslashes($this->updatevon).', '.
+		      	' updatevon='.$this->db_add_param($this->updatevon).', '.
 
-				' zgv='.$this->addslashes($this->zgv).', '. 
-				' zgv_ort='.$this->addslashes($this->zgv_ort).', '.
-				' zgv_datum='.$this->addslashes($this->zgv_datum).', '. 
-				' zgv_name='.$this->addslashes($this->zgv_name).', '. 
-				' zgvmaster='.$this->addslashes($this->zgvmaster).', '.
-				' zgvmaster_name='.$this->addslashes($this->zgvmaster_name).', '.			
-				' zgvmaster_datum='.$this->addslashes($this->zgvmaster_datum).', '. 
-				' zgvmaster_ort='.$this->addslashes($this->zgvmaster_ort).', '.
-				' program_name='.$this->addslashes($this->program_name).', '.
-				' bachelor='.($this->bachelor?'true':'false').', '.
-				' master='.($this->master?'true':'false').', '.
-				' jahre='.$this->addslashes($this->jahre).', '.
-				' person_id_emergency='.$this->addslashes($this->person_id_emergency).', '.
-				' person_id_coordinator_dep='.$this->addslashes($this->person_id_coordinator_dep).', '.
-				' person_id_coordinator_int='.$this->addslashes($this->person_id_coordinator_int).', '.
-				' deutschkurs1='.($this->deutschkurs1?'true':'false').', '.
-				' deutschkurs2='.($this->deutschkurs2?'true':'false').', '.
-				' deutschkurs3='.($this->deutschkurs3?'true':'false').', '.			
-				' research_area='.$this->addslashes($this->research_area).' '.  	
+				' zgv='.$this->db_add_param($this->zgv).', '. 
+				' zgv_ort='.$this->db_add_param($this->zgv_ort).', '.
+				' zgv_datum='.$this->db_add_param($this->zgv_datum).', '. 
+				' zgv_name='.$this->db_add_param($this->zgv_name).', '. 
+				' zgvmaster='.$this->db_add_param($this->zgvmaster).', '.
+				' zgvmaster_name='.$this->db_add_param($this->zgvmaster_name).', '.			
+				' zgvmaster_datum='.$this->db_add_param($this->zgvmaster_datum).', '. 
+				' zgvmaster_ort='.$this->db_add_param($this->zgvmaster_ort).', '.
+				' program_name='.$this->db_add_param($this->program_name).', '.
+				' bachelor='.$this->db_add_param($this->bachelor, FHC_BOOLEAN).', '.
+				' master='.$this->db_add_param($this->master, FHC_BOOLEAN).', '.
+				' jahre='.$this->db_add_param($this->jahre).', '.
+				' person_id_emergency='.$this->db_add_param($this->person_id_emergency).', '.
+				' person_id_coordinator_dep='.$this->db_add_param($this->person_id_coordinator_dep).', '.
+				' person_id_coordinator_int='.$this->db_add_param($this->person_id_coordinator_int).', '.
+				' deutschkurs1='.$this->db_add_param($this->deutschkurs1, FHC_BOOLEAN).', '.
+				' deutschkurs2='.$this->db_add_param($this->deutschkurs2, FHC_BOOLEAN).', '.
+				' deutschkurs3='.$this->db_add_param($this->deutschkurs3, FHC_BOOLEAN).', '.			
+				' research_area='.$this->db_add_param($this->research_area).' '.  	
 		      	' WHERE preincoming_id='.$this->preincoming_id.';';
 		}
 		
@@ -399,7 +399,7 @@ class preincoming extends basis_db
 		}
 
 		//loeschen des Datensatzes
-		$qry="DELETE FROM public.tbl_preincoming WHERE preincoming_id='".addslashes($preincoming_id)."';";
+		$qry="DELETE FROM public.tbl_preincoming WHERE preincoming_id=".$this->db_add_param($preincoming_id, FHC_INTEGER).";";
 
 		if($this->db_query($qry))
 		{
@@ -428,7 +428,7 @@ class preincoming extends basis_db
 			return false;
 		}
 		
-		$qry = "SELECT * FROM public.tbl_preincoming_lehrveranstaltung WHERE preincoming_id='".addslashes($preincoming_id)."';";
+		$qry = "SELECT * FROM public.tbl_preincoming_lehrveranstaltung WHERE preincoming_id=".$this->db_add_param($preincoming_id, FHC_INTEGER).";";
 		
 		if($result = $this->db_query($qry))
 		{
@@ -466,8 +466,8 @@ class preincoming extends basis_db
 		}
 		
 		$qry = "DELETE FROM public.tbl_preincoming_lehrveranstaltung 
-				WHERE preincoming_id='".addslashes($preincoming_id)."' 
-				AND lehrveranstaltung_id='".addslashes($lehrveranstaltung_id)."';";
+				WHERE preincoming_id=".$this->db_add_param($preincoming_id, FHC_INTEGER)." 
+				AND lehrveranstaltung_id=".$this->db_add_param($lehrveranstaltung_id, FHC_INTEGER).";";
 		if($this->db_query($qry))
 		{
 			return true;
@@ -490,8 +490,8 @@ class preincoming extends basis_db
 	{
 		$qry = "SELECT 1 FROM public.tbl_preincoming_lehrveranstaltung 
 				WHERE 
-					preincoming_id='".addslashes($preincoming_id)."' 
-					AND lehrveranstaltung_id='".addslashes($lehrveranstaltung_id)."';";
+					preincoming_id=".$this->db_add_param($preincoming_id, FHC_INTEGER)."
+					AND lehrveranstaltung_id=".$this->db_add_param($lehrveranstaltung_id, FHC_INTEGER).";";
 
 		if($result = $this->db_query($qry))
 		{
@@ -518,10 +518,10 @@ class preincoming extends basis_db
 	{
 		$qry = "INSERT INTO public.tbl_preincoming_lehrveranstaltung(lehrveranstaltung_id, 
 					preincoming_id, insertamum, insertvon) VALUES(".
-				$this->addslashes($lehrveranstaltung_id).','.
-				$this->addslashes($preincoming_id).','.
-				$this->addslashes($insertamum).','.
-				$this->addslashes($insertvon).');';
+				$this->db_add_param($lehrveranstaltung_id).','.
+				$this->db_add_param($preincoming_id).','.
+				$this->db_add_param($insertamum).','.
+				$this->db_add_param($insertvon).');';
 				
 		if($this->db_query($qry))
 		{
@@ -556,20 +556,20 @@ class preincoming extends basis_db
 		
 		if($filter!='')
 		{
-			$qry.=" AND (lower(nachname) like lower('%".addslashes($filter)."%') 
-						OR lower(vorname) like lower('%".addslashes($filter)."%')
-						OR lower(nachname || ' ' || vorname) like lower('%".addslashes($filter)."%')
-						OR lower(vorname || ' ' || nachname) like lower('%".addslashes($filter)."%'))";
+			$qry.=" AND (lower(nachname) like lower('%".$this->db_escape($filter)."%') 
+						OR lower(vorname) like lower('%".$this->db_escape($filter)."%')
+						OR lower(nachname || ' ' || vorname) like lower('%".$this->db_escape($filter)."%')
+						OR lower(vorname || ' ' || nachname) like lower('%".$this->db_escape($filter)."%'))";
 		}
 		
 		if(!is_null($aktiv))
-			$qry.=" AND tbl_preincoming.aktiv=".($aktiv?'true':'false');
+			$qry.=" AND tbl_preincoming.aktiv=".$this->db_add_param($aktiv, FHC_BOOLEAN);
 		if(!is_null($uebernommen))
-			$qry.=" AND tbl_preincoming.uebernommen=".($uebernommen?'true':'false');
+			$qry.=" AND tbl_preincoming.uebernommen=".$this->db_add_param($uebernommen, FHC_BOOLEAN);
 		if($von!='')
-			$qry.=" AND tbl_preincoming.von>='".addslashes($von)."'";
+			$qry.=" AND tbl_preincoming.von>=".$this->db_add_param($von);
 		if($bis!='')
-			$qry.=" AND tbl_preincoming.bis<='".addslashes($bis)."'";
+			$qry.=" AND tbl_preincoming.bis<=".$this->db_add_param($bis);
 			
 		if($result = $this->db_query($qry))
 		{
@@ -584,13 +584,13 @@ class preincoming extends basis_db
 				$obj->firma_id = $row->firma_id;
 				$obj->anmerkung = $row->anmerkung;
 				$obj->universitaet = $row->universitaet;
-				$obj->aktiv = ($row->aktiv=='t'?true:false);
-				$obj->bachelorthesis = ($row->bachelorthesis=='t'?true:false);
-				$obj->masterthesis = ($row->masterthesis=='t'?true:false);
+				$obj->aktiv = $this->db_parse_bool($row->aktiv);
+				$obj->bachelorthesis = $this->db_parse_bool($row->bachelorthesis);
+				$obj->masterthesis = $this->db_parse_bool($row->masterthesis);
 				$obj->von = $row->von;
 				$obj->bis = $row->bis;
 				$obj->code = $row->code; 
-				$obj->uebernommen = ($row->uebernommen=='t'?true:false);
+				$obj->uebernommen = $this->db_parse_bool($row->uebernommen);
 				$obj->updateamum = $row->updateamum;
 				$obj->updatevon = $row->updatevon;
 				$obj->insertamum = $row->insertamum;
@@ -605,16 +605,16 @@ class preincoming extends basis_db
 				$obj->zgvmaster_datum = $row->zgvmaster_datum; 
 				$obj->zgvmaster_ort = $row->zgvmaster_ort; 
 				$obj->program_name = $row->program_name; 
-				$obj->bachelor = ($row->bachelor=='t'?true:false);
-				$obj->master = ($row->master=='t'?true:false);
+				$obj->bachelor = $this->db_parse_bool($row->bachelor);
+				$obj->master = $this->db_parse_bool($row->master);
 				$obj->jahre = $row->jahre; 
 				$obj->person_id_emergency = $row->person_id_emergency; 
 				$obj->person_id_coordinator_dep = $row->person_id_coordinator_dep; 
 				$obj->person_id_coordinator_int = $row->person_id_coordinator_int;
 				 
-				$obj->deutschkurs1 = ($row->deutschkurs1=='t'?true:false);
-				$obj->deutschkurs2 = ($row->deutschkurs2=='t'?true:false);
-				$obj->deutschkurs3 = ($row->deutschkurs3=='t'?true:false);				
+				$obj->deutschkurs1 = $this->db_parse_bool($row->deutschkurs1);
+				$obj->deutschkurs2 = $this->db_parse_bool($row->deutschkurs2);
+				$obj->deutschkurs3 = $this->db_parse_bool($row->deutschkurs3);
 				$obj->research_area = $row->research_area;
 				
 				$obj->vorname = $row->vorname;
@@ -633,4 +633,4 @@ class preincoming extends basis_db
 		}
 	}
 }
-?>
\ No newline at end of file
+?>
diff --git a/include/preinteressent.class.php b/include/preinteressent.class.php
index 44778906c..0bcba5414 100644
--- a/include/preinteressent.class.php
+++ b/include/preinteressent.class.php
@@ -77,7 +77,7 @@ class preinteressent extends basis_db
 		}
 		
 		//laden des Datensatzes
-		$qry = "SELECT * FROM public.tbl_preinteressent WHERE preinteressent_id='$preinteressent_id';";
+		$qry = "SELECT * FROM public.tbl_preinteressent WHERE preinteressent_id=".$this->db_add_param($preinteressent_id, FHC_INTEGER).";";
 		
 		if($this->db_query($qry))
 		{
@@ -89,7 +89,7 @@ class preinteressent extends basis_db
 				$this->firma_id = $row->firma_id;
 				$this->anmerkung = $row->anmerkung;
 				$this->erfassungsdatum = $row->erfassungsdatum;
-				$this->einverstaendnis = ($row->einverstaendnis=='t'?true:false);
+				$this->einverstaendnis = $this->db_parse_bool($row->einverstaendnis);
 				$this->maturajahr = $row->maturajahr;
 				$this->infozusendung = $row->infozusendung;
 				$this->absagedatum = $row->absagedatum;
@@ -132,7 +132,7 @@ class preinteressent extends basis_db
 		//UNDO Befehl zusammenbauen
 		$this->db_query('BEGIN;');
 		
-		$qry = "SELECT * FROM public.tbl_preinteressent WHERE preinteressent_id = '$preinteressent_id'";
+		$qry = "SELECT * FROM public.tbl_preinteressent WHERE preinteressent_id = ".$this->db_add_param($preinteressent_id, FHC_INTEGER);
 		if($this->db_query($qry))
 		{
 			if($row = $this->db_fetch_object())
@@ -140,22 +140,22 @@ class preinteressent extends basis_db
 				$undo.=" INSERT INTO public.tbl_preinteressent(preinteressent_id, person_id, studiensemester_kurzbz, 
 						aufmerksamdurch_kurzbz, firma_id, erfassungsdatum, einverstaendnis, absagedatum, anmerkung, 
 						insertamum, insertvon, updateamum, updatevon, maturajahr, infozusendung, kontaktmedium_kurzbz) VALUES (".
-				 		$this->addslashes($row->preinteressent_id).', '.
-				 		$this->addslashes($row->person_id).', '.
-						$this->addslashes($row->studiensemester_kurzbz).', '.
-						$this->addslashes($row->aufmerksamdurch_kurzbz).', '.
-						$this->addslashes($row->firma_id).', '.
-						$this->addslashes($row->erfassungsdatum).', '.
-						($row->einverstaendnis?'true':'false').', '.
-						$this->addslashes($row->absagedatum).', '.
-						$this->addslashes($row->anmerkung).', '.
-						$this->addslashes($row->insertamum).', '.
-						$this->addslashes($row->insertvon).','.
-						$this->addslashes($row->updateamum).', '.
-						$this->addslashes($row->updatevon).', '.
-						$this->addslashes($row->maturajahr).', '.
-						$this->addslashes($row->infozusendung).', '.
-						$this->addslashes($row->kontaktmedium_kurzbz).');';
+				 		$this->db_add_param($row->preinteressent_id, FHC_INTEGER).', '.
+				 		$this->db_add_param($row->person_id, FHC_INTEGER).', '.
+						$this->db_add_param($row->studiensemester_kurzbz).', '.
+						$this->db_add_param($row->aufmerksamdurch_kurzbz).', '.
+						$this->db_add_param($row->firma_id, FHC_INTEGER).', '.
+						$this->db_add_param($row->erfassungsdatum).', '.
+						$this->db_add_param($row->einverstaendnis, FHC_BOOLEAN).', '.
+						$this->db_add_param($row->absagedatum).', '.
+						$this->db_add_param($row->anmerkung).', '.
+						$this->db_add_param($row->insertamum).', '.
+						$this->db_add_param($row->insertvon).','.
+						$this->db_add_param($row->updateamum).', '.
+						$this->db_add_param($row->updatevon).', '.
+						$this->db_add_param($row->maturajahr).', '.
+						$this->db_add_param($row->infozusendung).', '.
+						$this->db_add_param($row->kontaktmedium_kurzbz).');';
 			}
 		}
 		else 
@@ -166,22 +166,22 @@ class preinteressent extends basis_db
 		}
 		
 		
-		$qry = "SELECT * FROM public.tbl_preinteressentstudiengang WHERE preinteressent_id='$preinteressent_id'";
+		$qry = "SELECT * FROM public.tbl_preinteressentstudiengang WHERE preinteressent_id=".$this->db_add_param($preinteressent_id, FHC_INTEGER);
 		if($this->db_query($qry))
 		{
 			while($row = $this->db_fetch_object())
 			{
 				$undo.=" INSERT INTO public.tbl_preinteressentstudiengang(studiengang_kz, preinteressent_id, prioritaet, 
 						freigabedatum, uebernahmedatum, insertamum, insertvon, updateamum, updatevon) VALUES(".
-						$this->addslashes($row->studiengang_kz).','.
-						$this->addslashes($row->preinteressent_id).','.
-						$this->addslashes($row->prioritaet).','.
-						$this->addslashes($row->freigabedatum).','.
-						$this->addslashes($row->uebernahmedatum).','.
-						$this->addslashes($row->insertamum).','.
-						$this->addslashes($row->insertvon).','.
-						$this->addslashes($row->updateamum).','.
-						$this->addslashes($row->updatevon).');';
+						$this->db_add_param($row->studiengang_kz, FHC_INTEGER).','.
+						$this->db_add_param($row->preinteressent_id, FHC_INTEGER).','.
+						$this->db_add_param($row->prioritaet).','.
+						$this->db_add_param($row->freigabedatum).','.
+						$this->db_add_param($row->uebernahmedatum).','.
+						$this->db_add_param($row->insertamum).','.
+						$this->db_add_param($row->insertvon).','.
+						$this->db_add_param($row->updateamum).','.
+						$this->db_add_param($row->updatevon).');';
 			}
 		}
 		else 
@@ -191,8 +191,8 @@ class preinteressent extends basis_db
 			return false;
 		}
 		
-		$qry = "DELETE FROM public.tbl_preinteressentstudiengang WHERE preinteressent_id='$preinteressent_id';
-				DELETE FROM public.tbl_preinteressent WHERE preinteressent_id = '$preinteressent_id';";
+		$qry = "DELETE FROM public.tbl_preinteressentstudiengang WHERE preinteressent_id=".$this->db_add_param($preinteressent_id, FHC_INTEGER).";
+				DELETE FROM public.tbl_preinteressent WHERE preinteressent_id = ".$this->db_add_param($preinteressent_id, FHC_INTEGER).";";
 		
 		if($this->db_query($qry))
 		{
@@ -264,40 +264,40 @@ class preinteressent extends basis_db
 			$qry = "BEGIN;INSERT INTO public.tbl_preinteressent (studiensemester_kurzbz, 
 					aufmerksamdurch_kurzbz, firma_id, anmerkung, erfassungsdatum, einverstaendnis, absagedatum,
 					maturajahr, infozusendung, person_id, updateamum, updatevon, insertamum, insertvon, kontaktmedium_kurzbz) VALUES (".
-			       $this->addslashes($this->studiensemester_kurzbz).', '.
-			       $this->addslashes($this->aufmerksamdurch_kurzbz).', '.
-			       $this->addslashes($this->firma_id).', '.
-			       $this->addslashes($this->anmerkung).', '.
-			       $this->addslashes($this->erfassungsdatum).', '.
-			       ($this->einverstaendnis?'true':'false').', '.
-			       $this->addslashes($this->absagedatum).', '.
-			       $this->addslashes($this->maturajahr).', '.
-			       $this->addslashes($this->infozusendung).', '.
-			       $this->addslashes($this->person_id).', '.
-			       $this->addslashes($this->updateamum).', '.
-			       $this->addslashes($this->updatevon).', '.
-			       $this->addslashes($this->insertamum).', '.
-			       $this->addslashes($this->insertvon).', '.
-			       $this->addslashes($this->kontaktmedium_kurzbz).');';
+			       $this->db_add_param($this->studiensemester_kurzbz).', '.
+			       $this->db_add_param($this->aufmerksamdurch_kurzbz).', '.
+			       $this->db_add_param($this->firma_id, FHC_INTEGER).', '.
+			       $this->db_add_param($this->anmerkung).', '.
+			       $this->db_add_param($this->erfassungsdatum).', '.
+			       $this->db_add_param($this->einverstaendnis, FHC_BOOLEAN).', '.
+			       $this->db_add_param($this->absagedatum).', '.
+			       $this->db_add_param($this->maturajahr).', '.
+			       $this->db_add_param($this->infozusendung).', '.
+			       $this->db_add_param($this->person_id, FHC_INTEGER).', '.
+			       $this->db_add_param($this->updateamum).', '.
+			       $this->db_add_param($this->updatevon).', '.
+			       $this->db_add_param($this->insertamum).', '.
+			       $this->db_add_param($this->insertvon).', '.
+			       $this->db_add_param($this->kontaktmedium_kurzbz).');';
 		}
 		else 
 		{
 			//Bestehenden Datensatz aktualisieren
 			$qry= "UPDATE public.tbl_preinteressent SET".
-				  " studiensemester_kurzbz=".$this->addslashes($this->studiensemester_kurzbz).",".
-				  " aufmerksamdurch_kurzbz=".$this->addslashes($this->aufmerksamdurch_kurzbz).",".
-				  " firma_id=".$this->addslashes($this->firma_id).",".
-				  " anmerkung=".$this->addslashes($this->anmerkung).",".
-				  " erfassungsdatum=".$this->addslashes($this->erfassungsdatum).",".
-				  " einverstaendnis=".($this->einverstaendnis?'true':'false').",".
-				  " absagedatum=".$this->addslashes($this->absagedatum).",".
-				  " maturajahr=".$this->addslashes($this->maturajahr).",".
-				  " infozusendung=".$this->addslashes($this->infozusendung).",".
-				  " person_id=".$this->addslashes($this->person_id).",".
-				  " updatevon=".$this->addslashes($this->updatevon).",".
-				  " updateamum=".$this->addslashes($this->updateamum).','.
-				  " kontaktmedium_kurzbz=".$this->addslashes($this->kontaktmedium_kurzbz).
-				  " WHERE preinteressent_id='".addslashes($this->preinteressent_id)."'";
+				  " studiensemester_kurzbz=".$this->db_add_param($this->studiensemester_kurzbz).",".
+				  " aufmerksamdurch_kurzbz=".$this->db_add_param($this->aufmerksamdurch_kurzbz).",".
+				  " firma_id=".$this->db_add_param($this->firma_id, FHC_INTEGER).",".
+				  " anmerkung=".$this->db_add_param($this->anmerkung).",".
+				  " erfassungsdatum=".$this->db_add_param($this->erfassungsdatum).",".
+				  " einverstaendnis=".$this->db_add_param($this->einverstaendnis, FHC_BOOLEAN).",".
+				  " absagedatum=".$this->db_add_param($this->absagedatum).",".
+				  " maturajahr=".$this->db_add_param($this->maturajahr).",".
+				  " infozusendung=".$this->db_add_param($this->infozusendung).",".
+				  " person_id=".$this->db_add_param($this->person_id, FHC_INTEGER).",".
+				  " updatevon=".$this->db_add_param($this->updatevon).",".
+				  " updateamum=".$this->db_add_param($this->updateamum).','.
+				  " kontaktmedium_kurzbz=".$this->db_add_param($this->kontaktmedium_kurzbz).
+				  " WHERE preinteressent_id=".$this->db_add_param($this->preinteressent_id, FHC_INTEGER);
 		}
 		
 		if($this->db_query($qry))
@@ -349,9 +349,9 @@ class preinteressent extends basis_db
 	{
 		$qry = "SELECT tbl_preinteressent.*, tbl_preinteressentstudiengang.* FROM public.tbl_preinteressent JOIN public.tbl_preinteressentstudiengang USING(preinteressent_id) JOIN public.tbl_person USING(person_id) WHERE
 				(studiengang_kz, person_id) NOT IN (SELECT studiengang_kz, person_id FROM public.tbl_prestudent WHERE person_id=tbl_person.person_id) AND freigabedatum is not null AND
-				tbl_preinteressentstudiengang.studiengang_kz='$studiengang_kz'";
+				tbl_preinteressentstudiengang.studiengang_kz=".$this->db_add_param($studiengang_kz, FHC_INTEGER);
 		if($studiensemester_kurzbz!='')
-			$qry.=" AND tbl_preinteressent.studiensemester_kurzbz='".addslashes($studiensemester_kurzbz)."'";
+			$qry.=" AND tbl_preinteressent.studiensemester_kurzbz=".$this->db_add_param($studiensemester_kurzbz);
 		
 		if($this->db_query($qry))
 		{
@@ -365,7 +365,7 @@ class preinteressent extends basis_db
 				$obj->firma_id = $row->firma_id;
 				$obj->anmerkung = $row->anmerkung;
 				$obj->erfassungsdatum = $row->erfassungsdatum;
-				$obj->einverstaendnis = ($row->einverstaendnis=='t'?true:false);
+				$obj->einverstaendnis = $this->db_parse_bool($row->einverstaendnis);
 				$obj->absagedatum = $row->absagedatum;
 				$obj->insertamum = $row->insertamum;
 				$obj->insertvon = $row->insertvon;
@@ -414,23 +414,23 @@ class preinteressent extends basis_db
 					LEFT JOIN public.tbl_kontakt USING(person_id) WHERE true";
 				
 		if($studiengang_kz!='')
-			$qry.=" AND tbl_preinteressentstudiengang.studiengang_kz='".addslashes($studiengang_kz)."'";
+			$qry.=" AND tbl_preinteressentstudiengang.studiengang_kz=".$this->db_add_param($studiengang_kz, FHC_INTEGER);
 		
 		if(!is_null($studiensemester_kurzbz))
 		{
 			if($studiensemester_kurzbz=='')
 				$qry.=" AND tbl_preinteressent.studiensemester_kurzbz is null";
 			else
-				$qry.=" AND tbl_preinteressent.studiensemester_kurzbz='".addslashes($studiensemester_kurzbz)."'";
+				$qry.=" AND tbl_preinteressent.studiensemester_kurzbz=".$this->db_add_param($studiensemester_kurzbz);
 		}
 		
 		if($filter!='')
 		{
 			$datum_obj = new datum();
 		
-			$qry.=" AND (lower(nachname) like lower('%".addslashes($filter)."%') OR lower(vorname) like lower('%".addslashes($filter)."%') OR lower(kontakt) like lower('%".addslashes($filter)."%')";
+			$qry.=" AND (lower(nachname) like lower('%".$this->db_escape($filter)."%') OR lower(vorname) like lower('%".$this->db_escape($filter)."%') OR lower(kontakt) like lower('%".$this->db_escape($filter)."%')";
 			if($filter = $datum_obj->formatDatum($filter))
-				$qry.=" OR erfassungsdatum = '".addslashes($filter)."'";
+				$qry.=" OR erfassungsdatum = ".$this->db_escape($filter);
 			$qry.=")";
 		}
 		if($nichtfreigegeben==true)
@@ -442,14 +442,14 @@ class preinteressent extends basis_db
 			if($kontaktmedium=='-1')
 				$qry.=" AND tbl_preinteressent.kontaktmedium_kurzbz is null";
 			else
-				$qry.=" AND tbl_preinteressent.kontaktmedium_kurzbz='".addslashes($kontaktmedium)."'";
+				$qry.=" AND tbl_preinteressent.kontaktmedium_kurzbz=".$this->db_add_param($kontaktmedium);
 		}
 
 		if(!is_null($erfassungsdatum_bis))
-			$qry.=" AND erfassungsdatum<='".addslashes($erfassungsdatum_bis)."'";
+			$qry.=" AND erfassungsdatum<=".$this->db_add_param($erfassungsdatum_bis);
 		
 		if(!is_null($erfassungsdatum_von))
-			$qry.=" AND erfassungsdatum>='".addslashes($erfassungsdatum_von)."'";
+			$qry.=" AND erfassungsdatum>=".$this->db_add_param($erfassungsdatum_von);
 		
 		if($absage)
 			$qry.=" AND absagedatum is not null";
@@ -474,7 +474,7 @@ class preinteressent extends basis_db
 				$obj->firma_id = $row->firma_id;
 				$obj->anmerkung = $row->anmerkung;
 				$obj->erfassungsdatum = $row->erfassungsdatum;
-				$obj->einverstaendnis = ($row->einverstaendnis=='t'?true:false);
+				$obj->einverstaendnis = $this->db_parse_bool($row->einverstaendnis);
 				$obj->absagedatum = $row->absagedatum;
 				$obj->insertamum = $row->insertamum;
 				$obj->insertvon = $row->insertvon;
@@ -510,7 +510,7 @@ class preinteressent extends basis_db
 		}
 		
 		$qry = "SELECT * FROM public.tbl_preinteressentstudiengang 
-				WHERE preinteressent_id='$preinteressent_id' ORDER BY studiengang_kz";
+				WHERE preinteressent_id=".$this->db_add_param($preinteressent_id, FHC_INTEGER)." ORDER BY studiengang_kz";
 		
 		if($this->db_query($qry))
 		{
@@ -558,7 +558,8 @@ class preinteressent extends basis_db
 		}
 		
 		$qry = "SELECT * FROM public.tbl_preinteressentstudiengang 
-				WHERE preinteressent_id='$preinteressent_id' AND studiengang_kz='$studiengang_kz'";
+				WHERE preinteressent_id=".$this->db_add_param($preinteressent_id, FHC_INTEGER)." 
+				AND studiengang_kz=".$this->db_add_param($studiengang_kz, FHC_INTEGER);
 		
 		if($this->db_query($qry))
 		{
@@ -603,26 +604,27 @@ class preinteressent extends basis_db
 			//Neuen Datensatz anlegen	
 			$qry = "INSERT INTO public.tbl_preinteressentstudiengang (studiengang_kz, preinteressent_id, 
 					prioritaet, freigabedatum, uebernahmedatum, updateamum, updatevon, insertamum, insertvon) VALUES (".
-			       $this->addslashes($this->studiengang_kz).', '.
-			       $this->addslashes($this->preinteressent_id).', '.
-			       $this->addslashes($this->prioritaet).', '.
-			       $this->addslashes($this->freigabedatum).', '.
-			       $this->addslashes($this->uebernahmedatum).', '.
-			       $this->addslashes($this->updateamum).', '.
-			       $this->addslashes($this->updatevon).', '.
-			       $this->addslashes($this->insertamum).', '.
-			       $this->addslashes($this->insertvon).');';
+			       $this->db_add_param($this->studiengang_kz).', '.
+			       $this->db_add_param($this->preinteressent_id, FHC_INTEGER).', '.
+			       $this->db_add_param($this->prioritaet).', '.
+			       $this->db_add_param($this->freigabedatum).', '.
+			       $this->db_add_param($this->uebernahmedatum).', '.
+			       $this->db_add_param($this->updateamum).', '.
+			       $this->db_add_param($this->updatevon).', '.
+			       $this->db_add_param($this->insertamum).', '.
+			       $this->db_add_param($this->insertvon).');';
 		}
 		else 
 		{
 			//Bestehenden Datensatz aktualisieren
 			$qry= "UPDATE public.tbl_preinteressentstudiengang SET".
-				  " prioritaet=".$this->addslashes($this->prioritaet).",".
-				  " freigabedatum=".$this->addslashes($this->freigabedatum).",".
-				  " uebernahmedatum=".$this->addslashes($this->uebernahmedatum).",".
-				  " updatevon=".$this->addslashes($this->updatevon).",".
-				  " updateamum=".$this->addslashes($this->updateamum).
-				  " WHERE preinteressent_id='".addslashes($this->preinteressent_id)."' AND studiengang_kz='".addslashes($this->studiengang_kz)."'";
+				  " prioritaet=".$this->db_add_param($this->prioritaet).",".
+				  " freigabedatum=".$this->db_add_param($this->freigabedatum).",".
+				  " uebernahmedatum=".$this->db_add_param($this->uebernahmedatum).",".
+				  " updatevon=".$this->db_add_param($this->updatevon).",".
+				  " updateamum=".$this->db_add_param($this->updateamum).
+				  " WHERE preinteressent_id=".$this->db_add_param($this->preinteressent_id, FHC_INTEGER)."
+					AND studiengang_kz=".$this->db_add_param($this->studiengang_kz, FHC_INTEGER);
 		}
 		
 		if($this->db_query($qry))
@@ -655,7 +657,7 @@ class preinteressent extends basis_db
 		}
 		
 		$qry = "DELETE FROM public.tbl_preinteressentstudiengang 
-				WHERE preinteressent_id='$preinteressent_id' AND studiengang_kz='$studiengang_kz'";
+				WHERE preinteressent_id=".$this->db_add_param($preinteressent_id, FHC_INTEGER)." AND studiengang_kz=".$this->db_add_param($studiengang_kz, FHC_INTEGER);
 		
 		if($this->db_query($qry))
 		{
@@ -680,7 +682,7 @@ class preinteressent extends basis_db
 			return false;
 		}
 		
-		$qry = "SELECT * FROM public.tbl_preinteressent WHERE person_id='$person_id'";
+		$qry = "SELECT * FROM public.tbl_preinteressent WHERE person_id=".$this->db_add_param($person_id, FHC_INTEGER);
 		
 		if($this->db_query($qry))
 		{
@@ -694,7 +696,7 @@ class preinteressent extends basis_db
 				$obj->firma_id = $row->firma_id;
 				$obj->anmerkung = $row->anmerkung;
 				$obj->erfassungsdatum = $row->erfassungsdatum;
-				$obj->einverstaendnis = ($row->einverstaendnis=='t'?true:false);
+				$obj->einverstaendnis = $this->db_parse_bool($row->einverstaendnis);
 				$obj->maturajahr = $row->maturajahr;
 				$obj->infozusendung = $row->infozusendung;
 				$obj->absagedatum = $row->absagedatum;
@@ -716,4 +718,4 @@ class preinteressent extends basis_db
 		}
 	}
 }
-?>
\ No newline at end of file
+?>
diff --git a/include/projekt.class.php b/include/projekt.class.php
index af35879db..b449fbe80 100755
--- a/include/projekt.class.php
+++ b/include/projekt.class.php
@@ -65,7 +65,7 @@ class projekt extends basis_db
 	 */
 	public function load($projekt_kurzbz)
 	{
-		$qry = "SELECT * FROM fue.tbl_projekt WHERE projekt_kurzbz='".addslashes($projekt_kurzbz)."'";
+		$qry = "SELECT * FROM fue.tbl_projekt WHERE projekt_kurzbz=".$this->db_add_param($projekt_kurzbz);
 		
 		if($this->db_query($qry))
 		{
@@ -154,7 +154,7 @@ class projekt extends basis_db
     {
 		$qry = 'select * from fue.tbl_projekt where beginn <= '.$this->db_add_param($ende).' and ende >= '.$this->db_add_param($beginn);
 		if (!is_null($oe))
-			$qry.= " AND oe_kurzbz='".addslashes($oe)."'";
+			$qry.= " AND oe_kurzbz=".$this->db_add_param($oe);
 		$qry.= ' ORDER BY oe_kurzbz;';
 		//echo $qry;
 		if($this->db_query($qry))
@@ -194,7 +194,7 @@ class projekt extends basis_db
 	{
 		$qry = 'SELECT * FROM fue.tbl_projekt';
 		if (!is_null($oe))
-			$qry.= " WHERE oe_kurzbz='".addslashes($oe)."'";
+			$qry.= " WHERE oe_kurzbz=".$this->db_add_param($oe);
 		$qry.= ' ORDER BY oe_kurzbz;';
 		//echo $qry;
 		if($this->db_query($qry))
@@ -281,33 +281,33 @@ class projekt extends basis_db
 			//Neuen Datensatz einfuegen
 
 			$qry='INSERT INTO fue.tbl_projekt (projekt_kurzbz, nummer, titel,beschreibung, beginn, ende, budget, farbe, oe_kurzbz, aufwandstyp_kurzbz) VALUES('.
-		     $this->addslashes($this->projekt_kurzbz).', '.
-		     $this->addslashes($this->nummer).', '.
-		     $this->addslashes($this->titel).', '.
-		     $this->addslashes($this->beschreibung).', '.
-		     $this->addslashes($this->beginn).', '.
-		     $this->addslashes($this->ende).', '.
-		     $this->addslashes($this->budget).', '.
-             $this->addslashes($this->farbe).', '.
-		     $this->addslashes($this->oe_kurzbz).','.
-		     $this->addslashes($this->aufwandstyp_kurzbz).');';
+		     $this->db_add_param($this->projekt_kurzbz).', '.
+		     $this->db_add_param($this->nummer).', '.
+		     $this->db_add_param($this->titel).', '.
+		     $this->db_add_param($this->beschreibung).', '.
+		     $this->db_add_param($this->beginn).', '.
+		     $this->db_add_param($this->ende).', '.
+		     $this->db_add_param($this->budget).', '.
+             $this->db_add_param($this->farbe).', '.
+		     $this->db_add_param($this->oe_kurzbz).','.
+		     $this->db_add_param($this->aufwandstyp_kurzbz).');';
 		}
 		else
 		{
 			//Updaten des bestehenden Datensatzes
 
 			$qry='UPDATE fue.tbl_projekt SET '.
-				'projekt_kurzbz='.$this->addslashes($this->projekt_kurzbz).', '.
-				'nummer='.$this->addslashes($this->nummer).', '.
-				'titel='.$this->addslashes($this->titel).', '.
-				'beschreibung='.$this->addslashes($this->beschreibung).', '.
-				'beginn='.$this->addslashes($this->beginn).', '.
-				'ende='.$this->addslashes($this->ende).', '.
-				'budget='.$this->addslashes($this->budget).', '.
-                'farbe='.$this->addslashes($this->farbe).', '.
-				'oe_kurzbz='.$this->addslashes($this->oe_kurzbz).', '.
-				'aufwandstyp_kurzbz='.$this->addslashes($this->aufwandstyp_kurzbz).' '.
-				'WHERE projekt_kurzbz='.$this->addslashes($this->projekt_kurzbz).';';
+				'projekt_kurzbz='.$this->db_add_param($this->projekt_kurzbz).', '.
+				'nummer='.$this->db_add_param($this->nummer).', '.
+				'titel='.$this->db_add_param($this->titel).', '.
+				'beschreibung='.$this->db_add_param($this->beschreibung).', '.
+				'beginn='.$this->db_add_param($this->beginn).', '.
+				'ende='.$this->db_add_param($this->ende).', '.
+				'budget='.$this->db_add_param($this->budget).', '.
+                'farbe='.$this->db_add_param($this->farbe).', '.
+				'oe_kurzbz='.$this->db_add_param($this->oe_kurzbz).', '.
+				'aufwandstyp_kurzbz='.$this->db_add_param($this->aufwandstyp_kurzbz).' '.
+				'WHERE projekt_kurzbz='.$this->db_add_param($this->projekt_kurzbz).';';
 		}
 		
 		if($this->db_query($qry))
@@ -316,7 +316,7 @@ class projekt extends basis_db
 		}
 		else
 		{
-			$this->errormsg = 'Fehler beim Speichern der Daten'.$qry;
+			$this->errormsg = 'Fehler beim Speichern der Daten';
 			return false;
 		}
 	}
@@ -329,7 +329,7 @@ class projekt extends basis_db
 	public function delete($projekt_kurzbz)
 	{
 
-		$qry = "DELETE FROM lehre.tbl_projek WHERE projekt_kurzbz='".addslashes($projekt_kurzbz)."'";
+		$qry = "DELETE FROM lehre.tbl_projek WHERE projekt_kurzbz=".$this->db_add_param($projekt_kurzbz);
 		
 		if($this->db_query($qry))
 		{
@@ -356,7 +356,7 @@ class projekt extends basis_db
 					JOIN fue.tbl_projekt USING(projekt_kurzbz) 
 				WHERE (beginn<=now() or beginn is null) 
 				AND (ende>=now() OR ende is null) 
-				AND mitarbeiter_uid='".addslashes($mitarbeiter_uid)."'";
+				AND mitarbeiter_uid=".$this->db_add_param($mitarbeiter_uid);
 		
 		if($result = $this->db_query($qry))
 		{
@@ -382,11 +382,11 @@ class projekt extends basis_db
 			return false;
 		}
 	}
-	public function getProjektFromBestellung($bestellungID)
+	public function getProjektFromBestellung($bestellung_id)
 	{
 		$qry ="select * from fue.tbl_projekt 
 				join wawi.tbl_projekt_bestellung USING (projekt_kurzbz) 
-				where bestellung_id= '".addslashes($bestellungID)."'"; 
+				where bestellung_id= ".$this->db_add_param($bestellung_id); 
 		
 		if($this->db_query($qry))
 		{
diff --git a/include/projektarbeit.class.php b/include/projektarbeit.class.php
index f0cf621c3..b640ac3f2 100644
--- a/include/projektarbeit.class.php
+++ b/include/projektarbeit.class.php
@@ -224,26 +224,26 @@ class projektarbeit extends basis_db
 			$qry='BEGIN; INSERT INTO lehre.tbl_projektarbeit (projekttyp_kurzbz, titel, lehreinheit_id, student_uid, firma_id, note, punkte, 
 				beginn, ende, faktor, freigegeben, gesperrtbis, stundensatz, gesamtstunden, themenbereich, anmerkung, 
 				ext_id, insertamum, insertvon, updateamum, updatevon, titel_english) VALUES('.
-			     $this->addslashes($this->projekttyp_kurzbz).', '.
-			     $this->addslashes($this->titel).', '.
-			     $this->addslashes($this->lehreinheit_id).', '.
-			     $this->addslashes($this->student_uid).', '.
-			     $this->addslashes($this->firma_id).', '.
-			     $this->addslashes($this->note).', '.
-			     $this->addslashes($this->punkte).', '.
-			     $this->addslashes($this->beginn).', '.
-			     $this->addslashes($this->ende).', '.
-			     $this->addslashes($this->faktor).', '.
-			     ($this->freigegeben?'true':'false').', '.
-			     $this->addslashes($this->gesperrtbis).', '.
-			     $this->addslashes($this->stundensatz).', '.
-			     $this->addslashes($this->gesamtstunden).', '.
-			     $this->addslashes($this->themenbereich).', '.
-			     $this->addslashes($this->anmerkung).', '.
-			     $this->addslashes($this->ext_id).',  now(), '.
-			     $this->addslashes($this->insertvon).', now(), '.
-			     $this->addslashes($this->updatevon).','.
-			     $this->addslashes($this->titel_english).');';
+			     $this->db_add_param($this->projekttyp_kurzbz).', '.
+			     $this->db_add_param($this->titel).', '.
+			     $this->db_add_param($this->lehreinheit_id, FHC_INTEGER).', '.
+			     $this->db_add_param($this->student_uid).', '.
+			     $this->db_add_param($this->firma_id, FHC_INTEGER).', '.
+			     $this->db_add_param($this->note).', '.
+			     $this->db_add_param($this->punkte).', '.
+			     $this->db_add_param($this->beginn).', '.
+			     $this->db_add_param($this->ende).', '.
+			     $this->db_add_param($this->faktor).', '.
+			     $this->db_add_param($this->freigegeben, FHC_BOOLEAN).', '.
+			     $this->db_add_param($this->gesperrtbis).', '.
+			     $this->db_add_param($this->stundensatz).', '.
+			     $this->db_add_param($this->gesamtstunden).', '.
+			     $this->db_add_param($this->themenbereich).', '.
+			     $this->db_add_param($this->anmerkung).', '.
+			     $this->db_add_param($this->ext_id).',  now(), '.
+			     $this->db_add_param($this->insertvon).', now(), '.
+			     $this->db_add_param($this->updatevon).','.
+			     $this->db_add_param($this->titel_english).');';
 		}
 		else
 		{
@@ -257,26 +257,26 @@ class projektarbeit extends basis_db
 			}
 
 			$qry='UPDATE lehre.tbl_projektarbeit SET '.
-				'projekttyp_kurzbz='.$this->addslashes($this->projekttyp_kurzbz).', '.
-				'titel='.$this->addslashes($this->titel).', '.
-				'titel_english='.$this->addslashes($this->titel_english).', '.
-				'lehreinheit_id='.$this->addslashes($this->lehreinheit_id).', '.
-				'student_uid='.$this->addslashes($this->student_uid).', '.
-				'firma_id='.$this->addslashes($this->firma_id).', '.
-				'note='.$this->addslashes($this->note).', '.
-				'punkte='.$this->addslashes($this->punkte).', '.
-				'beginn='.$this->addslashes($this->beginn).', '.
-				'ende='.$this->addslashes($this->ende).', '.
-				'faktor='.$this->addslashes($this->faktor).', '.
-				'freigegeben='.($this->freigegeben?'true':'false').', '.
-				'gesperrtbis='.$this->addslashes($this->gesperrtbis).', '.
-				'stundensatz='.$this->addslashes($this->stundensatz).', '.
-				'gesamtstunden='.$this->addslashes($this->gesamtstunden).', '.
-				'themenbereich='.$this->addslashes($this->themenbereich).', '.
-				'anmerkung='.$this->addslashes($this->anmerkung).', '.
+				'projekttyp_kurzbz='.$this->db_add_param($this->projekttyp_kurzbz).', '.
+				'titel='.$this->db_add_param($this->titel).', '.
+				'titel_english='.$this->db_add_param($this->titel_english).', '.
+				'lehreinheit_id='.$this->db_add_param($this->lehreinheit_id, FHC_INTEGER).', '.
+				'student_uid='.$this->db_add_param($this->student_uid).', '.
+				'firma_id='.$this->db_add_param($this->firma_id, FHC_INTEGER).', '.
+				'note='.$this->db_add_param($this->note).', '.
+				'punkte='.$this->db_add_param($this->punkte).', '.
+				'beginn='.$this->db_add_param($this->beginn).', '.
+				'ende='.$this->db_add_param($this->ende).', '.
+				'faktor='.$this->db_add_param($this->faktor).', '.
+				'freigegeben='.$this->db_add_param($this->freigegeben, FHC_BOOLEAN).', '.
+				'gesperrtbis='.$this->db_add_param($this->gesperrtbis).', '.
+				'stundensatz='.$this->db_add_param($this->stundensatz).', '.
+				'gesamtstunden='.$this->db_add_param($this->gesamtstunden).', '.
+				'themenbereich='.$this->db_add_param($this->themenbereich).', '.
+				'anmerkung='.$this->db_add_param($this->anmerkung).', '.
 				'updateamum= now(), '.
-				'updatevon='.$this->addslashes($this->updatevon).' '.
-				'WHERE projektarbeit_id='.$this->addslashes($this->projektarbeit_id).';';
+				'updatevon='.$this->db_add_param($this->updatevon).' '.
+				'WHERE projektarbeit_id='.$this->db_add_param($this->projektarbeit_id, FHC_INTEGER).';';
 		}
 		
 		if($this->db_query($qry))
@@ -330,7 +330,7 @@ class projektarbeit extends basis_db
 			return true;
 		}
 		
-		$qry = "DELETE FROM lehre.tbl_projektarbeit WHERE projektarbeit_id='$projektarbeit_id'";
+		$qry = "DELETE FROM lehre.tbl_projektarbeit WHERE projektarbeit_id=".$this->db_add_param($projektarbeit_id, FHC_INTEGER);
 		
 		if($this->db_query($qry))
 		{
@@ -350,7 +350,8 @@ class projektarbeit extends basis_db
 	 */
 	public function getProjektarbeit($student_uid)
 	{
-		$qry = "SELECT * FROM lehre.tbl_projektarbeit JOIN lehre.tbl_projekttyp USING (projekttyp_kurzbz) WHERE student_uid='".addslashes($student_uid)."'";
+		$qry = "SELECT * FROM lehre.tbl_projektarbeit JOIN lehre.tbl_projekttyp USING (projekttyp_kurzbz) 
+				WHERE student_uid=".$this->db_add_param($student_uid);
 		
 		if($this->db_query($qry))
 		{
@@ -371,7 +372,7 @@ class projektarbeit extends basis_db
 				$obj->beginn = $row->beginn;
 				$obj->ende = $row->ende;
 				$obj->faktor = $row->faktor;
-				$obj->freigegeben = ($row->freigegeben=='t'?true:false);
+				$obj->freigegeben = $this->db_parse_bool($row->freigegeben);
 				$obj->gesperrtbis = $row->gesperrtbis;
 				$obj->stundensatz = $row->stundensatz;
 				$obj->gesamtstunden = $row->gesamtstunden;
@@ -411,8 +412,8 @@ class projektarbeit extends basis_db
 				WHERE 
 					tbl_projektarbeit.lehreinheit_id=tbl_lehreinheit.lehreinheit_id AND
 					tbl_lehreinheit.lehrveranstaltung_id = tbl_lehrveranstaltung.lehrveranstaltung_id AND
-					tbl_lehrveranstaltung.studiengang_kz='".addslashes($studiengang_kz)."' AND
-					tbl_lehreinheit.studiensemester_kurzbz='".addslashes($studiensemester_kurzbz)."'";
+					tbl_lehrveranstaltung.studiengang_kz=".$this->db_add_param($studiengang_kz, FHC_INTEGER)." AND
+					tbl_lehreinheit.studiensemester_kurzbz=".$this->db_add_param($studiensemester_kurzbz);
 		
 		if($this->db_query($qry))
 		{
@@ -433,7 +434,7 @@ class projektarbeit extends basis_db
 				$obj->beginn = $row->beginn;
 				$obj->ende = $row->ende;
 				$obj->faktor = $row->faktor;
-				$obj->freigegeben = ($row->freigegeben=='t'?true:false);
+				$obj->freigegeben = $this->db_parse_bool($row->freigegeben);
 				$obj->gesperrtbis = $row->gesperrtbis;
 				$obj->stundensatz = $row->stundensatz;
 				$obj->gesamtstunden = $row->gesamtstunden;
diff --git a/include/projektbenutzer.class.php b/include/projektbenutzer.class.php
index 70bc7c047..8e96ba643 100755
--- a/include/projektbenutzer.class.php
+++ b/include/projektbenutzer.class.php
@@ -67,7 +67,7 @@ class projektbenutzer extends basis_db
 	 * @param  $projekt_kurzbz ID der zu ladenden Projektbenutzer
 	 * @return true wenn ok, false im Fehlerfall
 	 */
-	public function load($von=null, $bis=null)
+	public function load()
 	{
 		$qry = "SELECT *, now() AS now FROM fue.tbl_projektbenutzer JOIN fue.tbl_projekt USING (projekt_kurzbz) 
 			WHERE  (beginn<now() OR beginn IS NULL) AND (ende>now() OR ende IS NULL);";
@@ -111,11 +111,11 @@ class projektbenutzer extends basis_db
 		return asort($this->uids, SORT_REGULAR);
 		//return true;
 	}
+
 	/**
 	 * Ermittelt die User aus $result und vereinfacht (Unique)
 	 * @return true wenn ok, false im Fehlerfall
 	 */
-	
 	public function getProjektePerUID($uid,$date=null)
 	{
 		$count=0;
@@ -133,9 +133,7 @@ class projektbenutzer extends basis_db
 	 */
 	public function loadProjekt($projekt_kurzbz)
 	{
-
-		
-		$qry = "SELECT * FROM fue.tbl_projekt WHERE projekt_kurzbz=".$this->addslashes($projekt_kurzbz);
+		$qry = "SELECT * FROM fue.tbl_projekt WHERE projekt_kurzbz=".$this->db_add_param($projekt_kurzbz);
 		
 		if($this->db_query($qry))
 		{
@@ -169,13 +167,13 @@ class projektbenutzer extends basis_db
 	 * @param  $projekt_kurzbz ID der zu ladenden Projektarbeit
 	 * @return true wenn ok, false im Fehlerfall
 	 */
-	public function getProjekte($oe=null,$uid=null)
+	public function getProjekte($oe=null)
 	{
 		$qry = 'SELECT * FROM fue.tbl_projekt';
 		if (!is_null($oe))
-			$qry.= " WHERE oe_kurzbz='$oe'";
+			$qry.= " WHERE oe_kurzbz=".$this->db_add_param($oe);
 		$qry.= ' ORDER BY oe_kurzbz;';
-		//echo $qry;
+
 		if($this->db_query($qry))
 		{
 			while($row = $this->db_fetch_object())
@@ -257,27 +255,27 @@ class projektbenutzer extends basis_db
 			//Neuen Datensatz einfuegen
 
 			$qry='BEGIN; INSERT INTO fue.tbl_projekt (projekt_kurzbz, nummer, titel,beschreibung, beginn, ende, oe_kurzbz) VALUES('.
-		     $this->addslashes($this->projekt_kurzbz).', '.
-		     $this->addslashes($this->nummer).', '.
-		     $this->addslashes($this->titel).', '.
-		     $this->addslashes($this->beschreibung).', '.
-		     $this->addslashes($this->beginn).', '.
-		     $this->addslashes($this->ende).', '.
-		     $this->addslashes($this->oe_kurzbz).');';
+		     $this->db_add_param($this->projekt_kurzbz).', '.
+		     $this->db_add_param($this->nummer).', '.
+		     $this->db_add_param($this->titel).', '.
+		     $this->db_add_param($this->beschreibung).', '.
+		     $this->db_add_param($this->beginn).', '.
+		     $this->db_add_param($this->ende).', '.
+		     $this->db_add_param($this->oe_kurzbz).');';
 		}
 		else
 		{
 			//Updaten des bestehenden Datensatzes
 
 			$qry='UPDATE fue.tbl_projekt SET '.
-				'projekt_kurzbz='.$this->addslashes($this->projekt_kurzbz).', '.
-				'nummer='.$this->addslashes($this->nummer).', '.
-				'titel='.$this->addslashes($this->titel).', '.
-				'beschreibung='.$this->addslashes($this->beschreibung).', '.
-				'beginn='.$this->addslashes($this->beginn).', '.
-				'ende='.$this->addslashes($this->ende).', '.
-				'oe_kurzbz='.$this->addslashes($this->oe_kurzbz).' '.
-				'WHERE projekt_kurzbz='.$this->addslashes($this->projekt_kurzbz).';';
+				'projekt_kurzbz='.$this->db_add_param($this->projekt_kurzbz).', '.
+				'nummer='.$this->db_add_param($this->nummer).', '.
+				'titel='.$this->db_add_param($this->titel).', '.
+				'beschreibung='.$this->db_add_param($this->beschreibung).', '.
+				'beginn='.$this->db_add_param($this->beginn).', '.
+				'ende='.$this->db_add_param($this->ende).', '.
+				'oe_kurzbz='.$this->db_add_param($this->oe_kurzbz).' '.
+				'WHERE projekt_kurzbz='.$this->db_add_param($this->projekt_kurzbz).';';
 		}
 		
 		if($this->db_query($qry))
@@ -289,141 +287,7 @@ class projektbenutzer extends basis_db
 		}
 		else
 		{
-			$this->errormsg = 'Fehler beim Speichern der Daten'.$qry;
-			return false;
-		}
-	}
-
-	/**
-	 * Loescht den Datenensatz mit der ID die uebergeben wird
-	 * @param $projekt_kurzbz ID die geloescht werden soll
-	 * @return true wenn ok, false im Fehlerfall
-	 */
-	public function delete($projekt_kurzbz)
-	{
-		if(!is_numeric($projekt_kurzbz))
-		{
-			$this->errormsg = 'Projektarbeit_id ist ungueltig';
-			return true;
-		}
-		
-		$qry = "DELETE FROM lehre.tbl_projektarbeit WHERE projekt_kurzbz='$projekt_kurzbz'";
-		
-		if($this->db_query($qry))
-		{
-			return true;
-		}
-		else 
-		{
-			$this->errormsg = 'Fehler beim Loeschen des Datensatzes';
-			return false;
-		}		
-	}
-	
-	/**
-	 * Laedt alle Projektarbeiten eines Studenten
-	 * @param student_uid
-	 * @return true wenn ok, false wenn Fehler
-	 */
-	public function getProjektarbeit($student_uid)
-	{
-		$qry = "SELECT * FROM lehre.tbl_projektarbeit WHERE student_uid='".addslashes($student_uid)."'";
-		
-		if($this->db_query($qry))
-		{
-			while($row = $this->db_fetch_object())
-			{
-				$obj = new projektarbeit();
-				
-				$obj->projekt_kurzbz = $row->projekt_kurzbz;
-				$obj->projekttyp_kurzbz = $row->projekttyp_kurzbz;
-				$obj->titel = $row->titel;
-				$obj->titel_english = $row->titel_english;
-				$obj->lehreinheit_id = $row->lehreinheit_id;
-				$obj->student_uid = $row->student_uid;
-				$obj->firma_id = $row->firma_id;
-				$obj->note = $row->note;
-				$obj->punkte = $row->punkte;
-				$obj->beginn = $row->beginn;
-				$obj->ende = $row->ende;
-				$obj->faktor = $row->faktor;
-				$obj->freigegeben = ($row->freigegeben=='t'?true:false);
-				$obj->gesperrtbis = $row->gesperrtbis;
-				$obj->stundensatz = $row->stundensatz;
-				$obj->gesamtstunden = $row->gesamtstunden;
-				$obj->themenbereich = $row->themenbereich;
-				$obj->anmerkung = $row->anmerkung;
-				$obj->ext_id = $row->ext_id;
-				$obj->insertamum = $row->insertamum;
-				$obj->insertvon = $row->insertvon;
-				$obj->updateamum = $row->updateamum;
-				$obj->updatevon = $row->updatevon;
-				
-				$this->result[] = $obj;
-			}
-			return true;
-		}
-		else 
-		{
-			$this->errormsg = 'Fehler beim Laden der Daten';
-			return false;
-		}
-	}
-	
-	/**
-	 * Laedt alle Projektarbeiten eines Studienganges/Studiensemesters
-	 * @param studiengang_kz, studiensemester_kurzbz
-	 * @return true wenn ok, false wenn Fehler
-	 */
-	public function getProjektarbeitStudiensemester($studiengang_kz, $studiensemester_kurzbz)
-	{
-		$qry = "SELECT 
-					tbl_projektarbeit.* 
-				FROM 
-					lehre.tbl_projektarbeit, lehre.tbl_lehreinheit, lehre.tbl_lehrveranstaltung
-				WHERE 
-					tbl_projektarbeit.lehreinheit_id=tbl_lehreinheit.lehreinheit_id AND
-					tbl_lehreinheit.lehrveranstaltung_id = tbl_lehrveranstaltung.lehrveranstaltung_id AND
-					tbl_lehrveranstaltung.studiengang_kz='".addslashes($studiengang_kz)."' AND
-					tbl_lehreinheit.studiensemester_kurzbz='".addslashes($studiensemester_kurzbz)."'";
-		
-		if($this->db_query($qry))
-		{
-			while($row = $this->db_fetch_object())
-			{
-				$obj = new projektarbeit();
-				
-				$obj->projekt_kurzbz = $row->projekt_kurzbz;
-				$obj->projekttyp_kurzbz = $row->projekttyp_kurzbz;
-				$obj->titel = $row->titel;
-				$obj->titel_english = $row->titel_english;
-				$obj->lehreinheit_id = $row->lehreinheit_id;
-				$obj->student_uid = $row->student_uid;
-				$obj->firma_id = $row->firma_id;
-				$obj->note = $row->note;
-				$obj->punkte = $row->punkte;
-				$obj->beginn = $row->beginn;
-				$obj->ende = $row->ende;
-				$obj->faktor = $row->faktor;
-				$obj->freigegeben = ($row->freigegeben=='t'?true:false);
-				$obj->gesperrtbis = $row->gesperrtbis;
-				$obj->stundensatz = $row->stundensatz;
-				$obj->gesamtstunden = $row->gesamtstunden;
-				$obj->themenbereich = $row->themenbereich;
-				$obj->anmerkung = $row->anmerkung;
-				$obj->ext_id = $row->ext_id;
-				$obj->insertamum = $row->insertamum;
-				$obj->insertvon = $row->insertvon;
-				$obj->updateamum = $row->updateamum;
-				$obj->updatevon = $row->updatevon;
-				
-				$this->result[] = $obj;
-			}
-			return true;
-		}
-		else 
-		{
-			$this->errormsg = 'Fehler beim Laden der Daten';
+			$this->errormsg = 'Fehler beim Speichern der Daten';
 			return false;
 		}
 	}
diff --git a/include/projektbetreuer.class.php b/include/projektbetreuer.class.php
index 8c69bd073..62a661eca 100644
--- a/include/projektbetreuer.class.php
+++ b/include/projektbetreuer.class.php
@@ -300,7 +300,7 @@ class projektbetreuer extends basis_db
 			return false;
 		}
 		
-		$qry = "SELECT * FROM lehre.tbl_projektbetreuer WHERE projektarbeit_id='".$projektarbeit_id."' ORDER BY name";
+		$qry = "SELECT * FROM lehre.tbl_projektbetreuer WHERE projektarbeit_id=".$this->db_add_param($projektarbeit_id, FHC_INTEGER)." ORDER BY name";
 		
 		if($this->db_query($qry))
 		{
diff --git a/include/projektphase.class.php b/include/projektphase.class.php
index fd95d138d..9b4c8bbbe 100755
--- a/include/projektphase.class.php
+++ b/include/projektphase.class.php
@@ -72,7 +72,7 @@ class projektphase extends basis_db
 			return false;
 		}
 		
-		$qry = "SELECT * FROM fue.tbl_projektphase WHERE projektphase_id='$projektphase_id'";
+		$qry = "SELECT * FROM fue.tbl_projektphase WHERE projektphase_id=".$this->db_add_param($projektphase_id, FHC_INTEGER);
 		
 		if($this->db_query($qry))
 		{
@@ -116,16 +116,16 @@ class projektphase extends basis_db
 	public function getProjektphasenForFk($projekt_kurzbz, $projektphase_id)
 	{
 		$this->result=array();
-		$qry = "Select * from fue.tbl_projektphase where projekt_kurzbz = '".addslashes($projekt_kurzbz)."' and projektphase_id not in (
+		$qry = "Select * from fue.tbl_projektphase where projekt_kurzbz = ".$this->db_add_param($projekt_kurzbz)." and projektphase_id not in (
 		WITH RECURSIVE tasks(projektphase_fk) as 
 		(
 			SELECT projektphase_id FROM fue.tbl_projektphase
-			WHERE projektphase_fk='".addslashes($projektphase_id)."'
+			WHERE projektphase_fk=".$this->db_add_param($projektphase_id, FHC_INTEGER)."
 			UNION ALL
 			SELECT p.projektphase_id FROM fue.tbl_projektphase p, tasks 
 			WHERE p.projektphase_fk=tasks.projektphase_fk
 		) SELECT *
-		FROM tasks) and projektphase_id not in ('".addslashes($projektphase_id)."')";
+		FROM tasks) and projektphase_id not in (".$this->db_add_param($projektphase_id, FHC_INTEGER).")";
 		//echo "\n".$qry."\n";
 		
 		if($this->db_query($qry))
@@ -170,7 +170,7 @@ class projektphase extends basis_db
 	public function getProjektphasen($projekt_kurzbz, $foreignkey = null)
 	{
 		$this->result=array();
-		$qry = "SELECT * FROM fue.tbl_projektphase WHERE projekt_kurzbz='$projekt_kurzbz'";
+		$qry = "SELECT * FROM fue.tbl_projektphase WHERE projekt_kurzbz=".$this->db_add_param($projekt_kurzbz);
 		//echo "\n".$qry."\n";
 		
 		if(!is_null($foreignkey))
@@ -297,35 +297,35 @@ class projektphase extends basis_db
 
 			$qry='BEGIN; INSERT INTO fue.tbl_projektphase (projekt_kurzbz, projektphase_fk, bezeichnung, 
 				beschreibung, start, ende, budget, insertvon, insertamum, updatevon, updateamum, farbe, personentage) VALUES ('.
-			     $this->addslashes($this->projekt_kurzbz).', '.
-			     $this->addslashes($this->projektphase_fk).', '.
-				 $this->addslashes($this->bezeichnung).', '.
-			     $this->addslashes($this->beschreibung).', '.
-			     $this->addslashes($this->start).', '.
-			     $this->addslashes($this->ende).', '.
-			     $this->addslashes($this->budget).', '.
-			     $this->addslashes($this->insertvon).', now(), '.
-			     $this->addslashes($this->updatevon).', now(), '.
-                 $this->addslashes($this->farbe).', '.
-			     $this->addslashes($this->personentage).' );';
+			     $this->db_add_param($this->projekt_kurzbz).', '.
+			     $this->db_add_param($this->projektphase_fk).', '.
+				 $this->db_add_param($this->bezeichnung).', '.
+			     $this->db_add_param($this->beschreibung).', '.
+			     $this->db_add_param($this->start).', '.
+			     $this->db_add_param($this->ende).', '.
+			     $this->db_add_param($this->budget).', '.
+			     $this->db_add_param($this->insertvon).', now(), '.
+			     $this->db_add_param($this->updatevon).', now(), '.
+                 $this->db_add_param($this->farbe).', '.
+			     $this->db_add_param($this->personentage).' );';
 		}
 		else
 		{
 			//Updaten des bestehenden Datensatzes
 
 			$qry='UPDATE fue.tbl_projektphase SET '.
-				'projekt_kurzbz='.$this->addslashes($this->projekt_kurzbz).', '.
-				'projektphase_fk='.$this->addslashes($this->projektphase_fk).', '.
-				'bezeichnung='.$this->addslashes($this->bezeichnung).', '.
-				'beschreibung='.$this->addslashes($this->beschreibung).', '.
-				'start='.$this->addslashes($this->start).', '.
-				'ende='.$this->addslashes($this->ende).', '.
-				'budget='.$this->addslashes($this->budget).', '.
-                'farbe='.$this->addslashes($this->farbe).', '.
-				'personentage='.$this->addslashes($this->personentage).', '.
+				'projekt_kurzbz='.$this->db_add_param($this->projekt_kurzbz).', '.
+				'projektphase_fk='.$this->db_add_param($this->projektphase_fk).', '.
+				'bezeichnung='.$this->db_add_param($this->bezeichnung).', '.
+				'beschreibung='.$this->db_add_param($this->beschreibung).', '.
+				'start='.$this->db_add_param($this->start).', '.
+				'ende='.$this->db_add_param($this->ende).', '.
+				'budget='.$this->db_add_param($this->budget).', '.
+                'farbe='.$this->db_add_param($this->farbe).', '.
+				'personentage='.$this->db_add_param($this->personentage).', '.
 				'updateamum= now(), '.
-				'updatevon='.$this->addslashes($this->updatevon).' '.
-				'WHERE projektphase_id='.$this->addslashes($this->projektphase_id).';';
+				'updatevon='.$this->db_add_param($this->updatevon).' '.
+				'WHERE projektphase_id='.$this->db_add_param($this->projektphase_id, FHC_INTEGER).';';
 		}
 		
 		if($this->db_query($qry))
@@ -388,19 +388,19 @@ class projektphase extends basis_db
 		
 		// Beginne Transaktion und lösche alle Tasks der Phase
 		$qry1 ="Begin; DELETE FROM fue.tbl_projekttask 
-		WHERE projektphase_id ='".addslashes($projektphase_id)."';";
+		WHERE projektphase_id =".$this->db_add_param($projektphase_id, FHC_INTEGER).";";
 		
 		if($this->db_query($qry1))
 		{
 			// Lösche alle zugewiesenen Ressourcen
 			$qry2 = "DELETE FROM fue.tbl_projekt_ressource 
-			WHERE projektphase_id ='".addslashes($projektphase_id)."';";
+			WHERE projektphase_id =".$this->db_add_param($projektphase_id, FHC_INTEGER).";";
 			
 			if($this->db_query($qry2))
 			{
 				// Lösche den Phaseneintrag
 				$qry3 = "DELETE FROM fue.tbl_projektphase 
-				WHERE projektphase_id = '".addslashes($projektphase_id)."';";
+				WHERE projektphase_id = ".$this->db_add_param($projektphase_id, FHC_INTEGER).";";
 				
 				if($this->db_query($qry3))
 				{
@@ -434,7 +434,7 @@ class projektphase extends basis_db
 	 */
 	public function existPhaseFk($projektphase_id)
 	{
-		$qry = "SELECT * FROM fue.tbl_projektphase WHERE projektphase_fk ='".addslashes($projektphase_id)."';";
+		$qry = "SELECT * FROM fue.tbl_projektphase WHERE projektphase_fk =".$this->db_add_param($projektphase_id, FHC_INTEGER).";";
 		
 		if($this->db_query($qry))
 		{
@@ -464,17 +464,17 @@ class projektphase extends basis_db
 				return false;
 			}
 			$qry ="DELETE from fue.tbl_projekt_ressource 
-					WHERE projektphase_id ='".addslashes($projektphase_id)."' and 
-					ressource_id='".addslashes($ressource_id)."';";
+					WHERE projektphase_id =".$this->db_add_param($projektphase_id, FHC_INTEGER)." and 
+					ressource_id=".$this->db_add_param($ressource_id, FHC_INTEGER).";";
 		}else
 		{
 			// gesamte Ressourcen von Phase werden gelöscht
 			if(!is_numeric($projektphase_id))
 			{
-				$htis->errormsg ="Keine gültige ID übergeben";
+				$this->errormsg ="Keine gültige ID übergeben";
 			}
 			$qry ="DELETE from fue.tbl_projekt_ressource 
-					WHERE projektphase_id ='".addslashes($projektphase_id)."';";
+					WHERE projektphase_id =".$this->db_add_param($projektphase_id, FHC_INTEGER).";";
 		}
 
 		if($this->db_query($qry))
@@ -497,13 +497,13 @@ class projektphase extends basis_db
 	{
 		$qry = "Select * from fue.tbl_projektphase phase 
 		join fue.tbl_projekttask task using(projektphase_id) 
-		where task.projektphase_id = '".addslashes($projektphase_id)."'
+		where task.projektphase_id = ".$this->db_add_param($projektphase_id, FHC_INTEGER)."
 		OR task.projektphase_id IN (
 		
 		WITH RECURSIVE tasks(projektphase_fk) as 
 		(
 			SELECT projektphase_id FROM fue.tbl_projektphase
-			WHERE projektphase_fk='".addslashes($projektphase_id)."'
+			WHERE projektphase_fk=".$this->db_add_param($projektphase_id, FHC_INTEGER)."
 			UNION ALL
 			SELECT p.projektphase_id FROM fue.tbl_projektphase p, tasks 
 			WHERE p.projektphase_fk=tasks.projektphase_fk
diff --git a/include/projekttask.class.php b/include/projekttask.class.php
index 8c425e38a..d58a276c6 100755
--- a/include/projekttask.class.php
+++ b/include/projekttask.class.php
@@ -72,7 +72,7 @@ class projekttask extends basis_db
 			return false;
 		}
 		
-		$qry = "SELECT * FROM fue.tbl_projekttask WHERE projekttask_id='$projekttask_id'";
+		$qry = "SELECT * FROM fue.tbl_projekttask WHERE projekttask_id=".$this->db_add_param($projekttask_id, FHC_INTEGER);
 		
 		if($this->db_query($qry))
 		{
@@ -89,7 +89,7 @@ class projekttask extends basis_db
 				$this->insertvon = $row->insertvon;
 				$this->updateamum = $row->updateamum;
 				$this->updatevon = $row->updatevon;
-				$this->erledigt = ($row->erledigt=='t'?true:false);
+				$this->erledigt = $this->db_parse_bool($row->erledigt);
 				$this->projekttask_fk = $row->projekttask_fk;
 				$this->ende = $row->ende; 
 				$this->ressource_id = $row->ressource_id; 
@@ -109,7 +109,7 @@ class projekttask extends basis_db
 		}
 	}
 
-/**
+	/**
 	 * Laedt die Projekttasks für den Statusbericht -> 3 nächsten Tasks eines Projektes
 	 * @param  $projektphase_id ID der Projektphase, wenn null greift $projekt_kurzbz
 	 * @return true wenn ok, false im Fehlerfall
@@ -118,7 +118,7 @@ class projekttask extends basis_db
 	{
 			$qry ="SELECT task.* FROM fue.tbl_projekttask task
 			JOIN fue.tbl_projektphase phase ON(phase.projektphase_id = task.projektphase_id)
-			JOIN fue.tbl_projekt projekt USING(projekt_kurzbz) where projekt_kurzbz = '".addslashes($projekt_kurzbz)."' 
+			JOIN fue.tbl_projekt projekt USING(projekt_kurzbz) where projekt_kurzbz = ".$this->db_add_param($projekt_kurzbz)."
 			and erledigt = false and task.ende >= CURRENT_DATE ORDER BY ende LIMIT 3;";
 
 		if($this->db_query($qry))
@@ -139,7 +139,7 @@ class projekttask extends basis_db
 				$obj->insertvon = $row->insertvon;
 				$obj->updateamum = $row->updateamum;
 				$obj->updatevon = $row->updatevon;
-				$obj->erledigt = ($row->erledigt=='t'?true:false);
+				$obj->erledigt = $this->db_parse_bool($row->erledigt);
 				$obj->projekttask_fk = $row->projekttask_fk;
 				$obj->ende = $row->ende; 
 				$obj->ressource_id = $row->ressource_id; 
@@ -170,10 +170,10 @@ class projekttask extends basis_db
 		{
 			$qry ="SELECT task.* FROM fue.tbl_projekttask task
 			JOIN fue.tbl_projektphase phase ON(phase.projektphase_id = task.projektphase_id)
-			JOIN fue.tbl_projekt projekt USING(projekt_kurzbz) where projekt_kurzbz = '".addslashes($projekt_kurzbz)."'";
+			JOIN fue.tbl_projekt projekt USING(projekt_kurzbz) where projekt_kurzbz = ".$this->db_add_param($projekt_kurzbz);
 			
 		}elseif (!is_null($projektphase_id))
-			$qry = "SELECT * FROM fue.tbl_projekttask WHERE projektphase_id='".addslashes($projektphase_id)."'";
+			$qry = "SELECT * FROM fue.tbl_projekttask WHERE projektphase_id=".$this->db_add_param($projektphase_id, FHC_INTEGER);
 		else
         	$qry='';
 
@@ -205,7 +205,7 @@ class projekttask extends basis_db
 				$obj->insertvon = $row->insertvon;
 				$obj->updateamum = $row->updateamum;
 				$obj->updatevon = $row->updatevon;
-				$obj->erledigt = ($row->erledigt=='t'?true:false);
+				$obj->erledigt = $this->db_parse_bool($row->erledigt);
 				$obj->projekttask_fk = $row->projekttask_fk;
 				$obj->ende = $row->ende; 
 				$obj->ressource_id = $row->ressource_id; 
@@ -258,8 +258,8 @@ class projekttask extends basis_db
 			return false; 
 		}
 		
-		$qry ="UPDATE fue.tbl_projekttask SET projektphase_id = ".addslashes($projektphase_id)." 
-		WHERE projekttask_id = ".addslashes($projekttask_id)." OR projekttask_fk =".addslashes($projekttask_id); 
+		$qry ="UPDATE fue.tbl_projekttask SET projektphase_id = ".$this->db_add_param($projektphase_id, FHC_INTEGER)." 
+		WHERE projekttask_id = ".$this->db_add_param($projekttask_id, FHC_INTEGER)." OR projekttask_fk =".$this->db_add_param($projekttask_id, FHC_INTEGER); 
 		
 		if($this->db_query($qry))
 			return true; 
@@ -291,37 +291,37 @@ class projekttask extends basis_db
 
 			$qry='BEGIN; INSERT INTO fue.tbl_projekttask (projektphase_id, bezeichnung, beschreibung, aufwand, mantis_id, scrumsprint_id, projekttask_fk, ende, ressource_id, erledigt, insertamum, 
 				insertvon, updateamum, updatevon) VALUES('.
-			     $this->addslashes($this->projektphase_id).', '.
-			     $this->addslashes($this->bezeichnung).', '.
-			     $this->addslashes($this->beschreibung).', '.
-			     $this->addslashes($this->aufwand).', '.
-			     $this->addslashes($this->mantis_id).','.
-			     $this->addslashes($this->scrumsprint_id).','.
-			     $this->addslashes($this->projekttask_fk).','.
-			     $this->addslashes($this->ende).','.
-			     $this->addslashes($this->ressource_id).','.
-			     ($this->erledigt?'true':'false').',  
+			     $this->db_add_param($this->projektphase_id).', '.
+			     $this->db_add_param($this->bezeichnung).', '.
+			     $this->db_add_param($this->beschreibung).', '.
+			     $this->db_add_param($this->aufwand).', '.
+			     $this->db_add_param($this->mantis_id).','.
+			     $this->db_add_param($this->scrumsprint_id).','.
+			     $this->db_add_param($this->projekttask_fk).','.
+			     $this->db_add_param($this->ende).','.
+			     $this->db_add_param($this->ressource_id).','.
+			     $this->db_add_param($this->erledigt, FHC_BOOLEAN).',  
 			     now(), '.
-			     $this->addslashes($this->insertvon).', 
+			     $this->db_add_param($this->insertvon).', 
 			     now(), '.
-			     $this->addslashes($this->updatevon).');';
+			     $this->db_add_param($this->updatevon).');';
 		}
 		else
 		{
 			$qry='UPDATE fue.tbl_projekttask SET '.
-				'projektphase_id='.$this->addslashes($this->projektphase_id).', '.
-				'bezeichnung='.$this->addslashes($this->bezeichnung).', '.
-				'beschreibung='.$this->addslashes($this->beschreibung).', '.
-				'aufwand='.$this->addslashes($this->aufwand).', '.
-				'mantis_id='.$this->addslashes($this->mantis_id).', '.
-				'scrumsprint_id='.$this->addslashes($this->scrumsprint_id).', '.
-				'projekttask_fk='.$this->addslashes($this->projekttask_fk).', '.
-				'ende='.$this->addslashes($this->ende).', '.
-				'ressource_id='.$this->addslashes($this->ressource_id).', '.
-				'erledigt='.($this->erledigt?'true':'false').', '.
+				'projektphase_id='.$this->db_add_param($this->projektphase_id).', '.
+				'bezeichnung='.$this->db_add_param($this->bezeichnung).', '.
+				'beschreibung='.$this->db_add_param($this->beschreibung).', '.
+				'aufwand='.$this->db_add_param($this->aufwand).', '.
+				'mantis_id='.$this->db_add_param($this->mantis_id).', '.
+				'scrumsprint_id='.$this->db_add_param($this->scrumsprint_id).', '.
+				'projekttask_fk='.$this->db_add_param($this->projekttask_fk).', '.
+				'ende='.$this->db_add_param($this->ende).', '.
+				'ressource_id='.$this->db_add_param($this->ressource_id).', '.
+				'erledigt='.$this->db_add_param($this->erledigt, FHC_BOOLEAN).', '.
 				'updateamum= now(), '.
-				'updatevon='.$this->addslashes($this->updatevon).' '.
-				'WHERE projekttask_id='.$this->addslashes($this->projekttask_id).';';
+				'updatevon='.$this->db_add_param($this->updatevon).' '.
+				'WHERE projekttask_id='.$this->db_add_param($this->projekttask_id).';';
 		}
 		
 		if($this->db_query($qry))
@@ -375,7 +375,7 @@ class projekttask extends basis_db
 			return true;
 		}
 		
-		$qry = "DELETE FROM fue.tbl_projekttask WHERE projekttask_id=".addslashes($projekttask_id);
+		$qry = "DELETE FROM fue.tbl_projekttask WHERE projekttask_id=".$this->db_add_param($projekttask_id, FHC_INTEGER);
 		
 		if($this->db_query($qry))
 		{
diff --git a/include/pruefung.class.php b/include/pruefung.class.php
index 41d94c039..47fca4e43 100644
--- a/include/pruefung.class.php
+++ b/include/pruefung.class.php
@@ -75,7 +75,7 @@ class pruefung extends basis_db
 	    }
 
 	    $qry = "SELECT tbl_pruefung.*, tbl_lehreinheit.lehrveranstaltung_id, tbl_lehreinheit.studiensemester_kurzbz as studiensemester_kurzbz
-			    FROM lehre.tbl_pruefung JOIN lehre.tbl_lehreinheit USING(lehreinheit_id) WHERE pruefung_id=$pruefung_id";
+			    FROM lehre.tbl_pruefung JOIN lehre.tbl_lehreinheit USING(lehreinheit_id) WHERE pruefung_id=".$this->db_add_param($pruefung_id, FHC_INTEGER);
 
 	    if($this->db_query($qry))
 	    {
@@ -165,7 +165,7 @@ class pruefung extends basis_db
 		    return false;
 	    }
 
-	    $qry = "DELETE FROM lehre.tbl_pruefung WHERE pruefung_id='$pruefung_id'";
+	    $qry = "DELETE FROM lehre.tbl_pruefung WHERE pruefung_id=".$this->db_add_param($pruefung_id, FHC_INTEGER);
 
 	    if($this->db_query($qry))
 	    {
diff --git a/include/reservierung.class.php b/include/reservierung.class.php
index 1af90e956..fadb76bcd 100644
--- a/include/reservierung.class.php
+++ b/include/reservierung.class.php
@@ -140,35 +140,35 @@ class reservierung extends basis_db
 		{
 			$qry = 'INSERT INTO campus.tbl_reservierung (ort_kurzbz, studiengang_kz, uid, stunde, datum, titel,
 			                                      beschreibung, semester, verband, gruppe, gruppe_kurzbz, insertamum, insertvon)
-			        VALUES('.$this->addslashes($this->ort_kurzbz).','.
-					$this->addslashes($this->studiengang_kz).','.
-					$this->addslashes($this->uid).','.
-					$this->addslashes($this->stunde).','.
-					$this->addslashes($this->datum).','.
-					$this->addslashes($this->titel).','.
-					$this->addslashes($this->beschreibung).','.
-					$this->addslashes($this->semester).','.
-					$this->addslashes($this->verband).','.
-					$this->addslashes($this->gruppe).','.
-					$this->addslashes($this->gruppe_kurzbz).','.
-					$this->addslashes($this->insertamum).','.
-					$this->addslashes($this->insertvon).');';
+			        VALUES('.$this->db_add_param($this->ort_kurzbz).','.
+					$this->db_add_param($this->studiengang_kz).','.
+					$this->db_add_param($this->uid).','.
+					$this->db_add_param($this->stunde).','.
+					$this->db_add_param($this->datum).','.
+					$this->db_add_param($this->titel).','.
+					$this->db_add_param($this->beschreibung).','.
+					$this->db_add_param($this->semester).','.
+					$this->db_add_param($this->verband).','.
+					$this->db_add_param($this->gruppe).','.
+					$this->db_add_param($this->gruppe_kurzbz).','.
+					$this->db_add_param($this->insertamum).','.
+					$this->db_add_param($this->insertvon).');';
 		}
 		else
 		{
 			$qry = 'UPDATE campus.tbl_reservierung SET'.
-			       ' ort_kurzbz='.$this->addslashes($this->ort_kurzbz).','.
-			       ' studiengang_kz='.$this->addslashes($this->studiengang_kz).','.
-			       ' uid='.$this->addslashes($this->uid).','.
-			       ' stunde='.$this->addslashes($this->stunde).','.
-			       ' datum='.$this->addslashes($this->datum).','.
-			       ' titel='.$this->addslashes($this->titel).','.
-			       ' beschreibung='.$this->addslashes($this->beschreibung).','.
-			       ' semester='.$this->addslashes($this->semester).','.
-			       ' verband='.$this->addslashes($this->verband).','.
-			       ' gruppe='.$this->addslashes($this->gruppe).','.
-			       ' gruppe_kurzbz='.$this->addslashes($this->gruppe_kurzbz).
-			       " WHERE reservierung_id='".addslashes($this->reservierung_id)."'";
+			       ' ort_kurzbz='.$this->db_add_param($this->ort_kurzbz).','.
+			       ' studiengang_kz='.$this->db_add_param($this->studiengang_kz).','.
+			       ' uid='.$this->db_add_param($this->uid).','.
+			       ' stunde='.$this->db_add_param($this->stunde).','.
+			       ' datum='.$this->db_add_param($this->datum).','.
+			       ' titel='.$this->db_add_param($this->titel).','.
+			       ' beschreibung='.$this->db_add_param($this->beschreibung).','.
+			       ' semester='.$this->db_add_param($this->semester).','.
+			       ' verband='.$this->db_add_param($this->verband).','.
+			       ' gruppe='.$this->db_add_param($this->gruppe).','.
+			       ' gruppe_kurzbz='.$this->db_add_param($this->gruppe_kurzbz).
+			       " WHERE reservierung_id=".$this->db_add_param($this->reservierung_id, FHC_INTEGER);
 		}
 
 		if($this->db_query($qry))
@@ -179,7 +179,7 @@ class reservierung extends basis_db
 		}
 		else
 		{
-			$this->errormsg = 'Fehler beim Speichern der Reservierung:'.$qry;
+			$this->errormsg = 'Fehler beim Speichern der Reservierung';
 			return false;
 		}
 	}
@@ -197,7 +197,7 @@ class reservierung extends basis_db
 			return false;
 		}
 		
-		$qry = "DELETE FROM campus.tbl_reservierung WHERE reservierung_id='$reservierung_id'";
+		$qry = "DELETE FROM campus.tbl_reservierung WHERE reservierung_id=".$this->db_add_param($reservierung_id, FHC_INTEGER);
 		
 		if($this->db_query($qry))
 			return true;
@@ -233,9 +233,9 @@ class reservierung extends basis_db
 				
 		$qry = "SELECT * FROM campus.tbl_reservierung 
 				WHERE 
-					ort_kurzbz='".addslashes($ort_kurzbz)."' AND 
-					datum='".addslashes($datum)."' AND  
-					stunde='".addslashes($stunde)."'";
+					ort_kurzbz=".$this->db_add_param($ort_kurzbz)." AND 
+					datum=".$this->db_add_param($datum)." AND  
+					stunde=".$this->db_add_param($stunde);
 		if($result = $this->db_query($qry))
 		{
 			if($this->db_num_rows($result)>0)
diff --git a/include/ressource.class.php b/include/ressource.class.php
index 9dcfb599f..30df2bc97 100644
--- a/include/ressource.class.php
+++ b/include/ressource.class.php
@@ -70,7 +70,7 @@ class ressource extends basis_db
 			return false;
 		}
 		
-		$qry = "SELECT * FROM fue.tbl_ressource WHERE ressource_id='".addslashes($ressource_id)."'";
+		$qry = "SELECT * FROM fue.tbl_ressource WHERE ressource_id=".$this->db_add_param($ressource_id, FHC_INTEGER);
 		
 		if($this->db_query($qry))
 		{
@@ -152,7 +152,7 @@ class ressource extends basis_db
 	{
 		$qry = "SELECT ressource.*, project.projekt_ressource_id, project.aufwand FROM fue.tbl_ressource as ressource
 		JOIN fue.tbl_projekt_ressource project ON(project.ressource_id = ressource.ressource_id) 
-		WHERE project.projekt_kurzbz ='".addslashes($project_kurzbz)."';";
+		WHERE project.projekt_kurzbz =".$this->db_add_param($project_kurzbz).";";
 		
 		$this->result=array();
 			
@@ -198,7 +198,7 @@ class ressource extends basis_db
 	{
 		$qry = "SELECT ressource.*, project.aufwand, project.projekt_ressource_id FROM fue.tbl_ressource as ressource
 		JOIN fue.tbl_projekt_ressource project ON(project.ressource_id = ressource.ressource_id) 
-		WHERE project.projektphase_id ='".addslashes($projektphase_id)."';";
+		WHERE project.projektphase_id =".$this->db_add_param($projektphase_id, FHC_INTEGER).";";
 		
 		$this->result=array();
 			
@@ -249,24 +249,24 @@ class ressource extends basis_db
 			//Neuen Datensatz einfuegen
 			$qry='BEGIN; INSERT INTO fue.tbl_projekt_ressource (projektphase_id, projekt_kurzbz, 
 				ressource_id, funktion_kurzbz, beschreibung, aufwand) VALUES ('.
-			     $this->addslashes($this->projektphase_id).', '.
-				 $this->addslashes($this->projekt_kurzbz).', '.
-			     $this->addslashes($this->ressource_id).', '.
-			     $this->addslashes($this->funktion_kurzbz).', '.
-			     $this->addslashes($this->beschreibung).', '.
-				 $this->addslashes($this->aufwand, FHC_INTEGER).'); ';
+			     $this->db_add_param($this->projektphase_id, FHC_INTEGER).', '.
+				 $this->db_add_param($this->projekt_kurzbz).', '.
+			     $this->db_add_param($this->ressource_id, FHC_INTEGER).', '.
+			     $this->db_add_param($this->funktion_kurzbz).', '.
+			     $this->db_add_param($this->beschreibung).', '.
+				 $this->db_add_param($this->aufwand, FHC_INTEGER).'); ';
 		}
 		else
 		{
 			//Updaten des bestehenden Datensatzes
 			$qry='UPDATE fue.tbl_projekt_ressource SET '.
-				'projektphase_id='.$this->addslashes($this->projektphase_id).', '.
-				'projekt_kurzbz='.$this->addslashes($this->projekt_kurzbz).', '.
-				'ressource_id='.$this->addslashes($this->ressource_id).', '.
-				'funktion_kurzbz='.$this->addslashes($this->funktion_kurzbz).', '.
-				'beschreibung='.$this->addslashes($this->beschreibung).', '.
-				'aufwand='.$this->addslashes($this->aufwand).' '.
-				'WHERE projekt_ressource_id='.$this->addslashes($this->projekt_ressource_id).';';
+				'projektphase_id='.$this->db_add_param($this->projektphase_id, FHC_INTEGER).', '.
+				'projekt_kurzbz='.$this->db_add_param($this->projekt_kurzbz).', '.
+				'ressource_id='.$this->db_add_param($this->ressource_id, FHC_INTEGER).', '.
+				'funktion_kurzbz='.$this->db_add_param($this->funktion_kurzbz).', '.
+				'beschreibung='.$this->db_add_param($this->beschreibung).', '.
+				'aufwand='.$this->db_add_param($this->aufwand).' '.
+				'WHERE projekt_ressource_id='.$this->db_add_param($this->projekt_ressource_id, FHC_INTEGER).';';
 		}
 		
 		if($this->db_query($qry))
@@ -323,28 +323,28 @@ class ressource extends basis_db
 			//Neuen Datensatz einfuegen
 			$qry='BEGIN; INSERT INTO fue.tbl_ressource (bezeichnung, beschreibung, 
 				mitarbeiter_uid, student_uid, betriebsmittel_id, firma_id, insertvon, insertamum, updatevon, updateamum) VALUES ('.
-			     $this->addslashes($this->bezeichnung).', '.
-				 $this->addslashes($this->beschreibung).', '.
-			     $this->addslashes($this->mitarbeiter_uid).', '.
-			     $this->addslashes($this->student_uid).', '.
-			     $this->addslashes($this->betriebsmittel_id).', '.
-			     $this->addslashes($this->firma_id).', '.
-			     $this->addslashes($this->insertvon).', now(), '.
-			     $this->addslashes($this->updatevon).', now()); ';
+			     $this->db_add_param($this->bezeichnung).', '.
+				 $this->db_add_param($this->beschreibung).', '.
+			     $this->db_add_param($this->mitarbeiter_uid).', '.
+			     $this->db_add_param($this->student_uid).', '.
+			     $this->db_add_param($this->betriebsmittel_id, FHC_INTEGER).', '.
+			     $this->db_add_param($this->firma_id, FHC_INTEGER).', '.
+			     $this->db_add_param($this->insertvon).', now(), '.
+			     $this->db_add_param($this->updatevon).', now()); ';
 		}
 		else
 		{
 			//Updaten des bestehenden Datensatzes
 			$qry='UPDATE fue.tbl_ressource SET '.
-				'bezeichnung='.$this->addslashes($this->bezeichnung).', '.
-				'beschreibung='.$this->addslashes($this->beschreibung).', '.
-				'mitarbeiter_uid='.$this->addslashes($this->mitarbeiter_uid).', '.
-				'student_uid='.$this->addslashes($this->student_uid).', '.
-				'betriebsmittel_id='.$this->addslashes($this->betriebsmittel_id).', '.
-				'firma_id='.$this->addslashes($this->firma_id).', '.
+				'bezeichnung='.$this->db_add_param($this->bezeichnung).', '.
+				'beschreibung='.$this->db_add_param($this->beschreibung).', '.
+				'mitarbeiter_uid='.$this->db_add_param($this->mitarbeiter_uid).', '.
+				'student_uid='.$this->db_add_param($this->student_uid).', '.
+				'betriebsmittel_id='.$this->db_add_param($this->betriebsmittel_id, FHC_INTEGER).', '.
+				'firma_id='.$this->db_add_param($this->firma_id, FHC_INTEGER).', '.
 				'updateamum= now(), '.
-				'updatevon='.$this->addslashes($this->updatevon).' '.
-				'WHERE ressource_id='.$this->addslashes($this->ressource_id).';';
+				'updatevon='.$this->db_add_param($this->updatevon).' '.
+				'WHERE ressource_id='.$this->db_add_param($this->ressource_id, FHC_INTEGER).';';
 		}
 		
 		if($this->db_query($qry))
@@ -399,7 +399,7 @@ class ressource extends basis_db
 			return false;
 		}
 		
-		$qry = "SELECT * FROM fue.tbl_projekt_ressource WHERE projekt_ressource_id='".addslashes($projekt_ressource_id)."'";
+		$qry = "SELECT * FROM fue.tbl_projekt_ressource WHERE projekt_ressource_id=".$this->db_add_param($projekt_ressource_id, FHC_INTEGER);
 		
 		if($this->db_query($qry))
 		{
@@ -478,7 +478,7 @@ class ressource extends basis_db
 	 * Liefert die Ressourcen aller Projektphasen die zu einem bestimmten Datum aktiv sind
 	 * 
 	 * @param $datum
-	 */
+	 */
 	public function getProjektphaseRessourceDatum($datum, $endedatum, $projekt_kurzbz=null)
 	{
 		$qry = "
diff --git a/include/resturlaub.class.php b/include/resturlaub.class.php
index ca98a56af..f2e37cece 100644
--- a/include/resturlaub.class.php
+++ b/include/resturlaub.class.php
@@ -63,7 +63,7 @@ class resturlaub extends basis_db
 	 */
 	public function load($mitarbeiter_uid)
 	{
-		$qry = "SELECT * FROM campus.tbl_resturlaub WHERE mitarbeiter_uid='".addslashes($mitarbeiter_uid)."'";
+		$qry = "SELECT * FROM campus.tbl_resturlaub WHERE mitarbeiter_uid=".$this->db_add_param($mitarbeiter_uid);
 		
 		if($this->db_query($qry))
 		{
@@ -134,25 +134,25 @@ class resturlaub extends basis_db
 		{
 			//Neuen Datensatz einfuegen
 			$qry = 'INSERT INTO campus.tbl_resturlaub  (mitarbeiter_uid, resturlaubstage, mehrarbeitsstunden, urlaubstageprojahr, insertamum, insertvon, updateamum, updatevon) VALUES('.
-			       $this->addslashes($this->mitarbeiter_uid).', '.
-			       $this->addslashes($this->resturlaubstage).', '.
-			       $this->addslashes($this->mehrarbeitsstunden).', '.
-			       $this->addslashes($this->urlaubstageprojahr).', '.
-			       $this->addslashes($this->insertamum).', '.
-			       $this->addslashes($this->insertvon).', '.
-			       $this->addslashes($this->updateamum).', '.
-			       $this->addslashes($this->updatevon).');';
+			       $this->db_add_param($this->mitarbeiter_uid).', '.
+			       $this->db_add_param($this->resturlaubstage).', '.
+			       $this->db_add_param($this->mehrarbeitsstunden).', '.
+			       $this->db_add_param($this->urlaubstageprojahr).', '.
+			       $this->db_add_param($this->insertamum).', '.
+			       $this->db_add_param($this->insertvon).', '.
+			       $this->db_add_param($this->updateamum).', '.
+			       $this->db_add_param($this->updatevon).');';
 		}
 		else
 		{
 			//Updaten des bestehenden Datensatzes
 			$qry='UPDATE campus.tbl_resturlaub SET '.
-			'resturlaubstage='.$this->addslashes($this->resturlaubstage).', '.
-			'mehrarbeitsstunden='.$this->addslashes($this->mehrarbeitsstunden).', '.
-			'urlaubstageprojahr='.$this->addslashes($this->urlaubstageprojahr).', '.
- 			'updateamum='.$this->addslashes($this->updateamum).', '.
- 			'updatevon='.$this->addslashes($this->updatevon).
- 			' WHERE mitarbeiter_uid='.$this->addslashes($this->mitarbeiter_uid).';';
+			'resturlaubstage='.$this->db_add_param($this->resturlaubstage).', '.
+			'mehrarbeitsstunden='.$this->db_add_param($this->mehrarbeitsstunden).', '.
+			'urlaubstageprojahr='.$this->db_add_param($this->urlaubstageprojahr).', '.
+ 			'updateamum='.$this->db_add_param($this->updateamum).', '.
+ 			'updatevon='.$this->db_add_param($this->updatevon).
+ 			' WHERE mitarbeiter_uid='.$this->db_add_param($this->mitarbeiter_uid).';';
 		}
 
 		if($this->db_query($qry))
@@ -204,4 +204,4 @@ class resturlaub extends basis_db
 		}
 	}
 }
-?>
\ No newline at end of file
+?>
diff --git a/include/schluesseltyp.class.php b/include/schluesseltyp.class.php
index b31bc4eed..9128d57e5 100644
--- a/include/schluesseltyp.class.php
+++ b/include/schluesseltyp.class.php
@@ -50,7 +50,7 @@ class schluesseltyp extends basis_db
 	 */
 	public function save()
 	{
-		$qry1='SELECT * FROM public.tbl_schluesseltyp WHERE beschreibung='.$this->addslashes($this->beschreibung).';';
+		$qry1='SELECT * FROM public.tbl_schluesseltyp WHERE beschreibung='.$this->db_add_param($this->beschreibung).';';
 		if($this->db_query($qry1))
 		{
 			if($this->db_num_rows()>0) //eintrag gefunden
@@ -66,19 +66,17 @@ class schluesseltyp extends basis_db
 						$dbanzahl=$row1->anzahl;
 					}
 					$qry='UPDATE public.tbl_schluesseltyp SET '.
-					'anzahl ='.$dbanzahl."+".$this->anzahl.' '.
-					'WHERE beschreibung='.$this->addslashes($this->beschreibung).';';
-					echo nl2br($qry."\n");
+					'anzahl ='.($this->db_add_param($dbanzahl+$this->anzahl)).' '.
+					'WHERE beschreibung='.$this->db_add_param($this->beschreibung).';';
 				}
 			}
 			else
 			{
 				$qry='INSERT INTO public.tbl_schluesseltyp (schluesseltyp, beschreibung, anzahl, kaution) VALUES('.
-					$this->addslashes($this->schluesseltyp).', '.
-					$this->addslashes($this->beschreibung).', '.
-					$this->addslashes($this->anzahl).', '.
-					$this->addslashes($this->kaution).');';
-					echo nl2br($qry."\n");
+					$this->db_add_param($this->schluesseltyp).', '.
+					$this->db_add_param($this->beschreibung).', '.
+					$this->db_add_param($this->anzahl).', '.
+					$this->db_add_param($this->kaution).');';
 			}
 			if($this->db_query($qry))
 			{
@@ -97,4 +95,4 @@ class schluesseltyp extends basis_db
 		}
 	}
 }
-?>
\ No newline at end of file
+?>
diff --git a/include/standort.class.php b/include/standort.class.php
index b05060c66..1c5a6e9cc 100644
--- a/include/standort.class.php
+++ b/include/standort.class.php
@@ -93,7 +93,7 @@ class standort extends basis_db
 		}
 
 		//Daten aus der Datenbank lesen
-		$qry = "SELECT * FROM public.tbl_standort WHERE standort_id='".addslashes($standort_id)."'";
+		$qry = "SELECT * FROM public.tbl_standort WHERE standort_id=".$this->db_add_param($standort_id, FHC_INTEGER);
 
 		if(!$this->db_query($qry))
 		{
@@ -141,7 +141,7 @@ class standort extends basis_db
 		}
 
 		//Lesen der Daten aus der Datenbank
-		$qry = "SELECT * FROM public.tbl_standort WHERE adresse_id='".addslashes($adress_id)."'";
+		$qry = "SELECT * FROM public.tbl_standort WHERE adresse_id=".$this->db_add_param($adress_id, FHC_INTEGER);
 
 		if(!$this->db_query($qry))
 		{
@@ -186,7 +186,7 @@ class standort extends basis_db
 		}
 
 		//Lesen der Daten aus der Datenbank
-		$qry = "SELECT * FROM public.tbl_standort WHERE firma_id='".addslashes($firma_id)."' ORDER BY standort_id";
+		$qry = "SELECT * FROM public.tbl_standort WHERE firma_id=".$this->db_add_param($firma_id, FHC_INTEGER)." ORDER BY standort_id";
 
 		if(!$this->db_query($qry))
 		{
@@ -273,13 +273,13 @@ class standort extends basis_db
 			//Neuen Datensatz einfuegen
 			$qry='BEGIN;INSERT INTO public.tbl_standort (adresse_id,kurzbz,  bezeichnung, insertamum, insertvon
 			    , updateamum, updatevon, ext_id, firma_id) VALUES('.
-			      ($this->adresse_id!=null?$this->addslashes($this->adresse_id):'null').', '.				
-			      $this->addslashes($this->kurzbz).', '.
-			      $this->addslashes($this->bezeichnung).', now(), '.
-			      $this->addslashes($this->insertvon).', now(), '.
-			      $this->addslashes($this->updatevon).', '.
-			      ($this->ext_id!=null?$this->addslashes($this->ext_id):'null').', '.
-			      ($this->firma_id!=null?$this->addslashes($this->firma_id):'null').');'; 
+			      $this->db_add_param($this->adresse_id, FHC_INTEGER).', '.
+			      $this->db_add_param($this->kurzbz).', '.
+			      $this->db_add_param($this->bezeichnung).', now(), '.
+			      $this->db_add_param($this->insertvon).', now(), '.
+			      $this->db_add_param($this->updatevon).', '.
+			      $this->db_add_param($this->ext_id).', '.
+			      $this->db_add_param($this->firma_id).');'; 
 		}
 		else
 		{
@@ -290,12 +290,12 @@ class standort extends basis_db
 				return false;
 			}
 			$qry='UPDATE public.tbl_standort SET'.
-				' adresse_id='.$this->addslashes($this->adresse_id).', '.
-				' kurzbz='.$this->addslashes($this->kurzbz).', '.				
-				' bezeichnung='.$this->addslashes($this->bezeichnung).', '.
-		      	' firma_id='.$this->addslashes($this->firma_id).','.
+				' adresse_id='.$this->db_add_param($this->adresse_id).', '.
+				' kurzbz='.$this->db_add_param($this->kurzbz).', '.				
+				' bezeichnung='.$this->db_add_param($this->bezeichnung).', '.
+		      	' firma_id='.$this->db_add_param($this->firma_id).','.
 		      	' updateamum= now(), '.
-		      	' updatevon='.$this->addslashes($this->updatevon).' '.
+		      	' updatevon='.$this->db_add_param($this->updatevon).' '.
 		      	'WHERE standort_id='.$this->standort_id.';';
 		}
 
@@ -351,7 +351,7 @@ class standort extends basis_db
 			return false;
 		}
 		//loeschen des Datensatzes
-		$qry="DELETE FROM public.tbl_standort WHERE standort_id='".addslashes($standort_id)."';";
+		$qry="DELETE FROM public.tbl_standort WHERE standort_id=".$this->db_add_param($standort_id, FHC_INTEGER).";";
 		if($this->db_query($qry))
 		{
 			return true;
@@ -414,15 +414,15 @@ class standort extends basis_db
 			";
 			
 		if ($personfunktionstandort_id!='' && is_numeric($personfunktionstandort_id))
-			$qry.="	AND personfunktionstandort_id='".addslashes($personfunktionstandort_id)."'";
+			$qry.="	AND personfunktionstandort_id=".$this->db_add_param($personfunktionstandort_id, FHC_INTEGER);
 		if ($firma_id!='' && is_numeric($firma_id))
-			$qry.="	AND tbl_standort.firma_id='".addslashes($firma_id)."'";
+			$qry.="	AND tbl_standort.firma_id=".$this->db_add_param($firma_id, FHC_INTEGER);
 		if ($standort_id!='' && is_numeric($standort_id))
-			$qry.="	AND tbl_standort.standort_id='".addslashes($standort_id)."'";
+			$qry.="	AND tbl_standort.standort_id=".$this->db_add_param($standort_id, FHC_INTEGER);
 		if ($adress_id!='' && is_numeric($adress_id))
-			$qry.="	AND tbl_standort.adress_id='".addslashes($adress_id)."'";
+			$qry.="	AND tbl_standort.adress_id=".$this->db_add_param($adress_id, FHC_INTEGER);
 		if ($person_id!='' && is_numeric($person_id))
-			$qry.="	AND tbl_standort.person_id='".addslashes($person_id)."'";
+			$qry.="	AND tbl_standort.person_id=".$this->db_add_param($person_id, FHC_INTEGER);
 
 		if(!$this->db_query($qry))
 		{
@@ -503,21 +503,21 @@ class standort extends basis_db
 			//Neuen Datensatz einfuegen
 			$qry='BEGIN;INSERT INTO public.tbl_personfunktionstandort (funktion_kurzbz,person_id,position,anrede,standort_id) 
 				VALUES('.
-			      ($this->funktion_kurzbz!=null?$this->addslashes($this->funktion_kurzbz):'null').', '.				
-			      ($this->person_id!=null?$this->addslashes($this->person_id):'null').', '.				
-			      $this->addslashes($this->position).', '.
-			      $this->addslashes($this->anrede).', '.
-			      ($this->standort_id!=null?$this->addslashes($this->standort_id):'null').');'; 
+			      $this->db_add_param($this->funktion_kurzbz).', '.				
+			      $this->db_add_param($this->person_id, FHC_INTEGER).', '.				
+			      $this->db_add_param($this->position).', '.
+			      $this->db_add_param($this->anrede).', '.
+			      $this->db_add_param($this->standort_id, FHC_INTEGER).');'; 
 		}
 		else
 		{
 			$qry='UPDATE public.tbl_personfunktionstandort SET'.
-				' funktion_kurzbz='.($this->funktion_kurzbz!=null?$this->addslashes($this->funktion_kurzbz):'null').', '.
-				' person_id='.($this->person_id!=null?$this->addslashes($this->person_id):'null').', '.				
-				' position='.$this->addslashes($this->position).', '.
-		      	' anrede='.$this->addslashes($this->anrede).','.
-		      	' standort_id='.($this->standort_id!=null?$this->addslashes($this->standort_id):'null').' '.
-		      	' WHERE personfunktionstandort_id='.$this->personfunktionstandort_id.';';
+				' funktion_kurzbz='.$this->db_add_param($this->funktion_kurzbz).', '.
+				' person_id='.$this->db_add_param($this->person_id, FHC_INTEGER).', '.				
+				' position='.$this->db_add_param($this->position).', '.
+		      	' anrede='.$this->db_add_param($this->anrede).','.
+		      	' standort_id='.$this->db_add_param($this->standort_id, FHC_INTEGER).' '.
+		      	' WHERE personfunktionstandort_id='.$this->db_add_param($this->personfunktionstandort_id, FHC_INTEGER).';';
 		}
 
 		if($this->db_query($qry))
@@ -578,9 +578,9 @@ class standort extends basis_db
 		}
 		
 		if($personfunktionstandort_id != '')
-			$qry="DELETE FROM public.tbl_personfunktionstandort WHERE personfunktionstandort_id='".addslashes($personfunktionstandort_id)."';";
+			$qry="DELETE FROM public.tbl_personfunktionstandort WHERE personfunktionstandort_id=".$this->db_add_param($personfunktionstandort_id, FHC_INTEGER).";";
 		else if($standort_id != '')
-			$qry="DELETE FROM public.tbl_personfunktionstandort WHERE standort_id='".addslashes($standort_id)."';";
+			$qry="DELETE FROM public.tbl_personfunktionstandort WHERE standort_id=".$this->db_add_param($standort_id, FHC_INTEGER);
 		else
 		{
 			$this->errormsg = 'personfunktionstandort_id oder standort_id muss eingegeben werden'."\n";
@@ -608,7 +608,7 @@ class standort extends basis_db
 		$qry ="select standort.* from public.tbl_firma as firma, public.tbl_adresse as adresse, public.tbl_standort as standort where 
 		firma.firma_id = standort.firma_id  and 
 		standort.adresse_id = adresse.adresse_id and 
-		firma.firmentyp_kurzbz = '".addslashes($typ)."';";
+		firma.firmentyp_kurzbz = ".$this->db_add_param($typ).";";
 		
 		if($this->db_query($qry))
 		{
@@ -641,4 +641,4 @@ class standort extends basis_db
 	
 	
 }
-?>
\ No newline at end of file
+?>
diff --git a/include/statistik.class.php b/include/statistik.class.php
index 955f27e94..e3e072453 100644
--- a/include/statistik.class.php
+++ b/include/statistik.class.php
@@ -161,7 +161,7 @@ class statistik extends basis_db
 	 */
 	public function getGruppe($gruppe,$publish=null)
 	{
-		$qry = "SELECT * FROM public.tbl_statistik WHERE gruppe='$gruppe'";
+		$qry = "SELECT * FROM public.tbl_statistik WHERE gruppe=".$this->db_add_param($gruppe);
 		if ($publish==true)
 			$qry.=' AND publish ';
 		elseif ($publish==false)
@@ -567,27 +567,28 @@ class statistik extends basis_db
 	{
 		return json_encode($this->json);
 	}
-	/**
- * 
- * Parst Variablen aus einem String und liefert diese als Array zurueck
- * @param $value String mit Variablen
- * z.B.: "Select * from tbl_person where person_id<'$person_id'"
- * oder "../content/statistik/bewerberstatistik.php?stsem=$StSem&stg_kz=$stg_kz"
- * 
- * @return Array mit den Variablennamen
- */
-function parseVars($value)
-{
-	$result = array();
 
-	$check = '/\$[0-9A-z]+/';
-	preg_match_all($check, $value, $result);
-	$result = $result[0];
-	
-	for($i=0;$i<count($result);$i++)
+	/**
+	 * 
+	 * Parst Variablen aus einem String und liefert diese als Array zurueck
+	 * @param $value String mit Variablen
+	 * z.B.: "Select * from tbl_person where person_id<'$person_id'"
+	 * oder "../content/statistik/bewerberstatistik.php?stsem=$StSem&stg_kz=$stg_kz"
+	 * 
+	 * @return Array mit den Variablennamen
+	 */
+	function parseVars($value)
 	{
-		$result[$i] = mb_str_replace('$','',$result[$i]);
+		$result = array();
+
+		$check = '/\$[0-9A-z]+/';
+		preg_match_all($check, $value, $result);
+		$result = $result[0];
+	
+		for($i=0;$i<count($result);$i++)
+		{
+			$result[$i] = mb_str_replace('$','',$result[$i]);
+		}
+		return array_unique($result);
 	}
-	return array_unique($result);
-}
 }
diff --git a/include/student.class.php b/include/student.class.php
index c82b6849e..311ace356 100644
--- a/include/student.class.php
+++ b/include/student.class.php
@@ -63,12 +63,12 @@ class student extends benutzer
 		if(!benutzer::load($uid))
 			return false;
 		if(is_null($studiensemester_kurzbz))
-			$qry = "SELECT * FROM public.tbl_student WHERE student_uid='".addslashes($uid)."'";
+			$qry = "SELECT * FROM public.tbl_student WHERE student_uid=".$this->db_add_param($uid);
 		else
 			$qry = "SELECT *, tbl_studentlehrverband.studiengang_kz as studiengang_kz, tbl_studentlehrverband.semester as semester,
 					tbl_studentlehrverband.verband as verband, tbl_studentlehrverband.gruppe as gruppe  
 					FROM public.tbl_student JOIN public.tbl_studentlehrverband USING(student_uid) 
-					WHERE studiensemester_kurzbz='".addslashes($studiensemester_kurzbz)."' AND student_uid='".addslashes($uid)."'";
+					WHERE studiensemester_kurzbz=".$this->db_add_param($studiensemester_kurzbz)." AND student_uid=".$this->db_add_param($uid);
 		if($this->db_query($qry))
 		{
 			if($row = $this->db_fetch_object())
@@ -96,7 +96,7 @@ class student extends benutzer
 		}
 		else
 		{
-			$this->errormsg = 'Fehler beim Auslesen des Studenten '.$qry;
+			$this->errormsg = 'Fehler beim Auslesen des Studenten';
 			return false;
 		}
 	}
@@ -190,33 +190,32 @@ class student extends benutzer
 			//Neuen Datensatz anlegen
 			$qry = "INSERT INTO public.tbl_student(student_uid, matrikelnr, updateamum, updatevon, prestudent_id,
 			                    studiengang_kz, semester, ext_id, verband, gruppe, insertamum, insertvon)
-			        VALUES('".addslashes($this->uid)."',".
-			 	 	$this->addslashes($this->matrikelnr).",".
-			 	 	$this->addslashes($this->updateamum).','.
-			 	 	$this->addslashes($this->updatevon).','.
-			 	 	$this->addslashes($this->prestudent_id).','.
-					$this->studiengang_kz.','.
-					$this->semester.','.
-					($this->ext_id_student!=''?$this->ext_id_student:'null').','.
-					($this->verband!=''?"'".addslashes($this->verband)."'":"' '").','.
-					($this->gruppe!=''?"'".addslashes($this->gruppe)."'":"' '").','.
-					$this->addslashes($this->insertamum).','.
-					$this->addslashes($this->insertvon).');';
+			        VALUES(".$this->db_add_param($this->uid).",".
+			 	 	$this->db_add_param($this->matrikelnr).",".
+			 	 	$this->db_add_param($this->updateamum).','.
+			 	 	$this->db_add_param($this->updatevon).','.
+			 	 	$this->db_add_param($this->prestudent_id, FHC_INTEGER).','.
+					$this->db_add_param($this->studiengang_kz).','.
+					$this->db_add_param($this->semester).','.
+					$this->db_add_param($this->ext_id_student).','.
+					$this->db_add_param(($this->verband==''?' ':$this->verband)).','.
+					$this->db_add_param(($this->gruppe==''?' ':$this->gruppe)).','.
+					$this->db_add_param($this->insertamum).','.
+					$this->db_add_param($this->insertvon).');';
 		}
 		else
 		{
 			//Bestehenden Datensatz updaten
 			$qry = 'UPDATE public.tbl_student SET'.
-			       ' matrikelnr='.$this->addslashes($this->matrikelnr).','.
-			       ' updateamum='.$this->addslashes($this->updateamum).','.
-			       ' updatevon='.$this->addslashes($this->updatevon).','.
-			       //' prestudent_id='.$this->addslashes($this->prestudent_id).','.
-			       ' studiengang_kz='.$this->studiengang_kz.','.
-			       ' semester='.$this->semester.','.
-			       ' ext_id='.($this->ext_id_student!=''?$this->ext_id_student:'null').','.
-			       ' verband='.($this->verband!=''?"'".addslashes($this->verband)."'":"' '").','.
-			       ' gruppe='.($this->gruppe!=''?"'".addslashes($this->gruppe)."'":"' '").
-			       " WHERE student_uid='".addslashes($this->uid)."';";
+			       ' matrikelnr='.$this->db_add_param($this->matrikelnr).','.
+			       ' updateamum='.$this->db_add_param($this->updateamum).','.
+			       ' updatevon='.$this->db_add_param($this->updatevon).','.
+			       ' studiengang_kz='.$this->db_add_param($this->studiengang_kz).','.
+			       ' semester='.$this->db_add_param($this->semester).','.
+			       ' ext_id='.$this->db_add_param($this->ext_id_student).','.
+			       ' verband='.$this->db_add_param(($this->verband==''?' ':$this->verband)).','.
+			       ' gruppe='.$this->db_add_param(($this->gruppe==''?' ':$this->gruppe)).
+			       " WHERE student_uid=".$this->db_add_param($this->uid).";";
 		}
 		
 		if($this->db_query($qry))
@@ -228,7 +227,7 @@ class student extends benutzer
 		else
 		{
 			$this->db_query('ROLLBACK;');
-			$this->errormsg = 'Fehler beim Speichern des Studenten-Datensatzes'.$qry;
+			$this->errormsg = 'Fehler beim Speichern des Studenten-Datensatzes';
 			return false;
 		}
 	}
@@ -249,25 +248,24 @@ class student extends benutzer
 		$where = '';
 		if ($gruppe!=null)
 		{
-			$where=" gruppe_kurzbz='".addslashes($gruppe)."' AND tbl_benutzer.uid=tbl_benutzergruppe.uid";
+			$where=" gruppe_kurzbz=".$this->db_add_param($gruppe)." AND tbl_benutzer.uid=tbl_benutzergruppe.uid";
 			if($stsem!=null)
-				$where.=" AND tbl_benutzergruppe.studiensemester_kurzbz='".addslashes($stsem)."'";
+				$where.=" AND tbl_benutzergruppe.studiensemester_kurzbz=".$this->db_add_param($stsem);
 		}
 		else
 		{
-			$where.=" tbl_studentlehrverband.studiengang_kz='".addslashes($stg_kz)."'";
+			$where.=" tbl_studentlehrverband.studiengang_kz=".$this->db_add_param($stg_kz);
 			if ($sem!=null)
-				$where.=" AND tbl_studentlehrverband.semester='".addslashes($sem)."'";
+				$where.=" AND tbl_studentlehrverband.semester=".$this->db_add_param($sem);
 			if ($ver!=null)
-				$where.=" AND tbl_studentlehrverband.verband='".addslashes($ver)."'";
+				$where.=" AND tbl_studentlehrverband.verband=".$this->db_add_param($ver);
 			if ($grp!=null)
-				$where.=" AND tbl_studentlehrverband.gruppe='".addslashes($grp)."'";
+				$where.=" AND tbl_studentlehrverband.gruppe=".$this->db_add_param($grp);
 		}			
 
 		if($stsem!=null)
-				$where.=" AND tbl_studentlehrverband.studiensemester_kurzbz='".addslashes($stsem)."'";
+				$where.=" AND tbl_studentlehrverband.studiensemester_kurzbz=".$this->db_add_param($stsem);
 		
-		//$sql_query="SELECT * FROM campus.vw_student WHERE $where ORDER by nachname,vorname";
 		$sql_query = "SELECT *, tbl_student.semester as std_semester, tbl_student.verband as std_verband, tbl_student.gruppe as std_gruppe, tbl_student.studiengang_kz as std_studiengang_kz,
 					  tbl_studentlehrverband.studiengang_kz as lvb_studiengang_kz, tbl_studentlehrverband.semester as lvb_semester, tbl_studentlehrverband.verband as lvb_verband, tbl_studentlehrverband.gruppe as lvb_gruppe 
 					  FROM public.tbl_person, public.tbl_student, public.tbl_benutzer, public.tbl_studentlehrverband, public.tbl_prestudent";
@@ -301,7 +299,7 @@ class student extends benutzer
 			$l->svnr=$row->svnr;
 			$l->foto=$row->foto;
 			$l->anmerkungen=$row->anmerkung;
-			$l->aktiv=$row->aktiv=='t'?true:false;
+			$l->aktiv=$this->db_parse_bool($row->aktiv);
 			$l->alias=$row->alias;
 			$l->homepage=$row->homepage;
 			$l->updateamum=(isset($row->updateamum)?$row->updateamum:'');
@@ -394,7 +392,7 @@ class student extends benutzer
 	public function studentlehrverband_exists($student_uid, $studiensemester_kurzbz)
 	{
 		$qry = "SELECT count(*) as anzahl FROM public.tbl_studentlehrverband 
-				WHERE student_uid='".addslashes($student_uid)."' AND studiensemester_kurzbz='".addslashes($studiensemester_kurzbz)."'";
+				WHERE student_uid=".$this->db_add_param($student_uid)." AND studiensemester_kurzbz=".$this->db_add_param($studiensemester_kurzbz);
 		
 		if($this->db_query($qry))
 		{
@@ -428,8 +426,8 @@ class student extends benutzer
 	public function load_studentlehrverband($student_uid, $studiensemester_kurzbz)
 	{
 		$qry = "SELECT * FROM public.tbl_studentlehrverband 
-				WHERE student_uid='".addslashes($student_uid)."' 
-				AND studiensemester_kurzbz='".addslashes($studiensemester_kurzbz)."'";
+				WHERE student_uid=".$this->db_add_param($student_uid)."
+				AND studiensemester_kurzbz=".$this->db_add_param($studiensemester_kurzbz);
 		
 		if($this->db_query($qry))
 		{
@@ -474,27 +472,27 @@ class student extends benutzer
 		if($new)
 		{
 			$qry = "INSERT INTO public.tbl_studentlehrverband (student_uid, studiensemester_kurzbz, studiengang_kz, semester, verband, gruppe, updateamum, updatevon, insertamum, insertvon)
-					VALUES(".$this->addslashes($this->uid).','.
-					$this->addslashes($this->studiensemester_kurzbz).','.
-					$this->addslashes($this->studiengang_kz).','.
-					$this->addslashes($this->semester).','.
-					$this->addslashes(($this->verband==''?' ':$this->verband)).','.
-					$this->addslashes(($this->gruppe==''?' ':$this->gruppe)).','.
-					$this->addslashes($this->updateamum).','.
-					$this->addslashes($this->updatevon).','.
-					$this->addslashes($this->insertamum).','.
-					$this->addslashes($this->insertvon).');';
+					VALUES(".$this->db_add_param($this->uid).','.
+					$this->db_add_param($this->studiensemester_kurzbz).','.
+					$this->db_add_param($this->studiengang_kz).','.
+					$this->db_add_param($this->semester).','.
+					$this->db_add_param(($this->verband==''?' ':$this->verband)).','.
+					$this->db_add_param(($this->gruppe==''?' ':$this->gruppe)).','.
+					$this->db_add_param($this->updateamum).','.
+					$this->db_add_param($this->updatevon).','.
+					$this->db_add_param($this->insertamum).','.
+					$this->db_add_param($this->insertvon).');';
 		}
 		else 
 		{
 			$qry = "UPDATE public.tbl_studentlehrverband SET".
-					" studiengang_kz=".$this->addslashes($this->studiengang_kz).",".
-					" semester=".$this->addslashes($this->semester).",".
-					" verband=".$this->addslashes(($this->verband==''?' ':$this->verband)).",".
-					" gruppe=".$this->addslashes(($this->gruppe==''?' ':$this->gruppe)).",".
-					" updateamum=".$this->addslashes($this->updateamum).",".
-					" updatevon=".$this->addslashes($this->updatevon).
-					" WHERE student_uid='".addslashes($this->uid)."' AND studiensemester_kurzbz='".addslashes($this->studiensemester_kurzbz)."'";
+					" studiengang_kz=".$this->db_add_param($this->studiengang_kz).",".
+					" semester=".$this->db_add_param($this->semester).",".
+					" verband=".$this->db_add_param(($this->verband==''?' ':$this->verband)).",".
+					" gruppe=".$this->db_add_param(($this->gruppe==''?' ':$this->gruppe)).",".
+					" updateamum=".$this->db_add_param($this->updateamum).",".
+					" updatevon=".$this->db_add_param($this->updatevon).
+					" WHERE student_uid=".$this->db_add_param($this->uid)." AND studiensemester_kurzbz=".$this->db_add_param($this->studiensemester_kurzbz);
 		}
 		
 		if($this->db_query($qry))
@@ -521,7 +519,7 @@ class student extends benutzer
 			return false;
 		}
 		
-		$qry = "SELECT student_uid FROM public.tbl_student WHERE prestudent_id='$prestudent_id'";
+		$qry = "SELECT student_uid FROM public.tbl_student WHERE prestudent_id=".$this->db_add_param($prestudent_id);
 		
 		if($this->db_query($qry))
 		{
@@ -549,7 +547,7 @@ class student extends benutzer
 	 */
 	public function getUidFromMatrikelnummer($matrikelnummer)
 	{
-		$qry = "SELECT student_uid FROM public.tbl_student WHERE matrikelnr='".addslashes($matrikelnummer)."'";
+		$qry = "SELECT student_uid FROM public.tbl_student WHERE matrikelnr=".$this->db_add_param($matrikelnummer);
 		
 		if($this->db_query($qry))
 		{
@@ -581,7 +579,7 @@ class student extends benutzer
 	public function load_person($person_id, $studiengang_kz)
 	{
 		$qry = "SELECT tbl_student.* FROM public.tbl_benutzer JOIN public.tbl_student ON(uid=student_uid)
-				WHERE person_id='".addslashes($person_id)."' AND studiengang_kz='".addslashes($studiengang_kz)."'
+				WHERE person_id=".$this->db_add_param($person_id, FHC_INTEGER)." AND studiengang_kz=".$this->db_add_param($studiengang_kz, FHC_INTEGER)."
 				ORDER BY prestudent_id DESC LIMIT 1";
 		
 		if($this->db_query($qry))
@@ -611,7 +609,7 @@ class student extends benutzer
 		}
 		else
 		{
-			$this->errormsg = 'Fehler beim Auslesen des Studenten '.$qry;
+			$this->errormsg = 'Fehler beim Auslesen des Studenten';
 			return false;
 		}
 	}
@@ -639,10 +637,10 @@ class student extends benutzer
 		
 		if($filter!='')
 		{
-			$sql_query.=" AND 	nachname ~* '".addslashes($filter)."' OR 
-								vorname ~* '".addslashes($filter)."' OR
-								(nachname || ' ' || vorname) ~* '".addslashes($filter)."' OR
-								(vorname || ' ' || nachname) ~* '".addslashes($filter)."'";
+			$sql_query.=" AND 	nachname ~* ".$this->db_add_param($filter)." OR 
+								vorname ~* ".$this->db_add_param($filter)." OR
+								(nachname || ' ' || vorname) ~* ".$this->db_add_param($filter)." OR
+								(vorname || ' ' || nachname) ~* ".$this->db_add_param($filter);
 		}
 
 		$sql_query .= " ORDER BY $order";
@@ -674,9 +672,9 @@ class student extends benutzer
 				$l->familienstand = $row->familienstand;
 				$l->geschlecht = $row->geschlecht;
 				$l->anzahlkinder = $row->anzahlkinder;
-				$l->aktiv = ($row->aktiv=='t'?true:false);
+				$l->aktiv = $this->db_parse_bool($row->aktiv);
 				$l->kurzbeschreibung = $row->kurzbeschreibung;
-				$l->bnaktiv = ($row->bnaktiv=='t'?true:false);
+				$l->bnaktiv = $this->db_parse_bool($row->bnaktiv);
 				$l->studiengang_kz = $row->studiengang_kz;
 				$l->semester = $row->semester;
 				$l->verband = $row->verband;
diff --git a/include/studentnote.class.php b/include/studentnote.class.php
index af19c771f..d37d4ff34 100755
--- a/include/studentnote.class.php
+++ b/include/studentnote.class.php
@@ -169,7 +169,7 @@ class studentnote extends basis_db
 				{					
 					$qry = "SELECT sum(tbl_beispiel.punkte) as punktegesamt_alle FROM campus.tbl_beispiel, campus.tbl_uebung
 							WHERE tbl_uebung.uebung_id=tbl_beispiel.uebung_id AND
-							tbl_uebung.lehreinheit_id='$lehreinheit_id' and tbl_uebung.liste_id = '$ueb1->uebung_id'";
+							tbl_uebung.lehreinheit_id=".$this->db_add_param($lehreinheit_id, FHC_INTEGER)." and tbl_uebung.liste_id = ".$this->db_add_param($ueb1->uebung_id, FHC_INTEGER);
 					$punkte_moeglich=1;
 					if($this->db_query($qry))
 						if($row = $this->db_fetch_object())
@@ -182,7 +182,7 @@ class studentnote extends basis_db
 					$punkte_ns = $punkte_gesamt;
 
 				//Prozentpunkte
-				$qry = "SELECT min(note) as note FROM campus.tbl_notenschluesseluebung WHERE punkte <= '".$punkte_ns."' AND uebung_id = '".$ueb1->uebung_id."'";
+				$qry = "SELECT min(note) as note FROM campus.tbl_notenschluesseluebung WHERE punkte <= ".$this->db_add_param($punkte_ns)." AND uebung_id = ".$this->db_add_param($ueb1->uebung_id);
 				
 				if($this->db_query($qry))
 				{
@@ -303,7 +303,8 @@ class studentnote extends basis_db
 			$ueb = new uebung();
 			
 			//Eingetragen diese Kreuzerlliste
-			$qry = "SELECT sum(punkte) as punkteeingetragen FROM campus.tbl_beispiel JOIN campus.tbl_studentbeispiel USING(beispiel_id) WHERE uebung_id='$uebung_id' AND student_uid='$student_uid' AND vorbereitet=true";
+			$qry = "SELECT sum(punkte) as punkteeingetragen FROM campus.tbl_beispiel JOIN campus.tbl_studentbeispiel USING(beispiel_id) 
+				WHERE uebung_id=".$this->db_add_param($uebung_id, FHC_INTEGER)." AND student_uid=".$this->db_add_param($student_uid)." AND vorbereitet=true";
 			$punkte_eingetragen=0;
 			if($this->db_query($qry))
 				if($row = $this->db_fetch_object())
diff --git a/include/wawi_bestelldetail.class.php b/include/wawi_bestelldetail.class.php
index 66df14b95..c263b72ca 100644
--- a/include/wawi_bestelldetail.class.php
+++ b/include/wawi_bestelldetail.class.php
@@ -227,12 +227,12 @@ class wawi_bestelldetail extends basis_db
 			$this->db_add_param($this->preisprove).', '.
 			$this->db_add_param($mwst).', 
 			false, '.
-			$this->addslashes($this->sort).',  
+			$this->db_add_param($this->sort).',  
 			false , '.
-			$this->addslashes($this->insertamum).', '.
-			$this->addslashes($this->insertvon).', '.
-			$this->addslashes($this->updateamum).', '.
-			$this->addslashes($this->updatevon).'); ';
+			$this->db_add_param($this->insertamum).', '.
+			$this->db_add_param($this->insertvon).', '.
+			$this->db_add_param($this->updateamum).', '.
+			$this->db_add_param($this->updatevon).'); ';
 			
 		}
 		else
@@ -350,4 +350,4 @@ class wawi_bestelldetail extends basis_db
 			return false;
 		}
 	}
-}
\ No newline at end of file
+}
diff --git a/rdf/lehrverbandsgruppe.rdf.php b/rdf/lehrverbandsgruppe.rdf.php
index bde204b34..5d2c3fa4b 100644
--- a/rdf/lehrverbandsgruppe.rdf.php
+++ b/rdf/lehrverbandsgruppe.rdf.php
@@ -73,13 +73,11 @@ if (count($berechtigt_studiengang)>0)
 {
 	if ($berechtigt_studiengang[0]!='')
 	{
-		foreach ($berechtigt_studiengang as $b_stg)
-			$stg_kz_query.="'".$b_stg."',";
-		$stg_kz_query='AND tbl_studiengang.studiengang_kz IN ('.substr($stg_kz_query,0,strlen($stg_kz_query)-1).')';
+		$stg_kz_query='AND tbl_studiengang.studiengang_kz IN ('.$dbo->implode4SQL($berechtigt_studiengang).')';
 	}
 
 	if (isset($_GET['studiengang_kz']))
-		$stg_kz_query='AND tbl_lehrverband.studiengang_kz='.$_GET['studiengang_kz'];
+		$stg_kz_query='AND tbl_lehrverband.studiengang_kz='.$dbo->db_add_param($_GET['studiengang_kz'], FHC_INTEGER);
 	
 	$sql_query="SELECT tbl_lehrverband.studiengang_kz, tbl_studiengang.bezeichnung, kurzbz,kurzbzlang, typ, tbl_lehrverband.semester, verband, gruppe, gruppe_kurzbz, tbl_lehrverband.bezeichnung AS lvb_bezeichnung, tbl_gruppe.bezeichnung AS grp_bezeichnung
 				FROM (public.tbl_studiengang JOIN public.tbl_lehrverband USING (studiengang_kz))
@@ -276,11 +274,11 @@ function draw_orgformsubmenu($stg_kz, $orgform)
 	}
 	
 	$data = array();
-	$qry = "SELECT semester, verband, gruppe,'' as gruppe_kurzbz, bezeichnung, null as sort FROM public.tbl_lehrverband WHERE orgform_kurzbz='$orgform' AND studiengang_kz='$stg_kz' AND aktiv
+	$qry = "SELECT semester, verband, gruppe,'' as gruppe_kurzbz, bezeichnung, null as sort FROM public.tbl_lehrverband WHERE orgform_kurzbz=".$stg_obj->db_add_param($orgform)." AND studiengang_kz=".$stg_obj->db_add_param($stg_kz)." AND aktiv
 			UNION
-			SELECT semester, '' as verband, '' as gruppe, gruppe_kurzbz, bezeichnung, sort FROM public.tbl_gruppe WHERE studiengang_kz='$stg_kz' AND orgform_kurzbz='$orgform' AND lehre AND sichtbar
+			SELECT semester, '' as verband, '' as gruppe, gruppe_kurzbz, bezeichnung, sort FROM public.tbl_gruppe WHERE studiengang_kz=".$stg_obj->db_add_param($stg_kz)." AND orgform_kurzbz=".$stg_obj->db_add_param($orgform)." AND lehre AND sichtbar
 			UNION
-			SELECT semester, verband, gruppe,'' as gruppe_kurzbz, bezeichnung, null as sort FROM public.tbl_lehrverband WHERE studiengang_kz='$stg_kz' AND semester=0 AND aktiv
+			SELECT semester, verband, gruppe,'' as gruppe_kurzbz, bezeichnung, null as sort FROM public.tbl_lehrverband WHERE studiengang_kz=".$stg_obj->db_add_param($stg_kz)." AND semester=0 AND aktiv
 			ORDER BY semester, verband, gruppe, sort, gruppe_kurzbz";
 	$sem='';
 	$ver='';
@@ -313,7 +311,7 @@ function draw_orgformsubmenu($stg_kz, $orgform)
 		   		
 		   		$orgform_sequence[$stg_kz].= "\t\t\t<RDF:li>";
 				$orgform_sequence[$stg_kz].= "\n\t\t\t\t<RDF:Seq RDF:about=\"$rdf_url$stg_kurzbz/$orgform/$sem\">\n";
-				$qry_bez = "SELECT bezeichnung FROM public.tbl_lehrverband WHERE studiengang_kz='$stg_kz' AND semester='$sem' AND trim(verband)='' AND trim(gruppe)=''";
+				$qry_bez = "SELECT bezeichnung FROM public.tbl_lehrverband WHERE studiengang_kz=".$stg_obj->db_add_param($stg_kz)." AND semester=".$stg_obj->db_add_param($sem)." AND trim(verband)='' AND trim(gruppe)=''";
 				$bezeichnung = '';
 				if($result_bez = $stg_obj->db_query($qry_bez))
 					if($row_bez = $stg_obj->db_fetch_object($result_bez))
diff --git a/system/FH-Complete.txp b/system/FH-Complete.txp
index f8286905d..2b2a20fac 100644
--- a/system/FH-Complete.txp
+++ b/system/FH-Complete.txp
@@ -1530,6 +1530,7 @@
 						<Id>{0A6D3F72-7BA4-44D5-B076-DA1F685CF5C6}</Id>
 						<Id>{B028E005-FE7D-4792-92C6-BF83C74E5E3D}</Id>
 						<Id>{180289A8-A6BE-408C-B113-756BEDDCFB1B}</Id>
+						<Id>{16974D29-5F5F-4F7D-A06F-B29C3E91417B}</Id>
 					</LineList>
 					<DisplayIndexes>0</DisplayIndexes>
 					<AlignInColumns>0</AlignInColumns>
@@ -3312,6 +3313,7 @@
 						<Id>{15491F0E-32E5-4AE7-9446-961C7A930396}</Id>
 						<Id>{93458F5D-F841-458A-B95E-C22E3B2464E2}</Id>
 						<Id>{7A0FD5E5-DE0D-447B-B21E-95E75018C9F5}</Id>
+						<Id>{C59674E4-69F2-406C-8B36-5FB379BA9926}</Id>
 					</LineList>
 					<DisplayIndexes>0</DisplayIndexes>
 					<AlignInColumns>0</AlignInColumns>
@@ -4859,6 +4861,7 @@
 						<Id>{4C95A3CC-D44A-497C-8106-B1606076152E}</Id>
 						<Id>{A1D92432-47E4-46A7-8C5E-60D68A486B2A}</Id>
 						<Id>{826A5147-5BDD-49EF-9343-274ADF926CCC}</Id>
+						<Id>{8E23EA57-4FE3-4C9C-A986-2C68254FF1C3}</Id>
 					</LineList>
 					<DisplayIndexes>0</DisplayIndexes>
 					<AlignInColumns>0</AlignInColumns>
@@ -5061,6 +5064,7 @@
 						<Id>{718D8C7B-AB7F-451E-B2B5-F095A051A67E}</Id>
 						<Id>{CCB1654D-7052-4897-9342-C9D0EC1466A7}</Id>
 						<Id>{75A0FDC5-D193-474D-9D3B-BD9C112D4B59}</Id>
+						<Id>{407CDB33-5DEF-445F-BBDC-F48EADC87D28}</Id>
 					</LineList>
 					<DisplayIndexes>0</DisplayIndexes>
 					<AlignInColumns>0</AlignInColumns>
@@ -7901,6 +7905,7 @@
 						<Id>{AF128E84-AE9A-472B-882D-B282A42F603E}</Id>
 						<Id>{A3526B44-1CC2-414A-9E99-B46710F4A1F4}</Id>
 						<Id>{E07F2B23-9AA1-43B2-BFD1-C3970AB809C8}</Id>
+						<Id>{275291D5-0C6D-4349-902E-64ED199D6640}</Id>
 					</LineList>
 					<DisplayIndexes>0</DisplayIndexes>
 					<AlignInColumns>0</AlignInColumns>
@@ -11229,6 +11234,83 @@
 					<DisplayGraphicalKeys>0</DisplayGraphicalKeys>
 					<Gradient>1</Gradient>
 				</WorkSpaceShapePEREntityPG83>
+				<WorkSpaceShapePEREntityPG83 ObjectType="2502" CSAOName="WorkSpaceShapePEREntityPG83">
+					<Id>{7E457E09-0B61-4B7A-9B54-FC7ACEEDFA2F}</Id>
+					<Name>tbl_ablauf_vorgaben</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{E61519D8-AA7E-4C8F-B2AD-8691E10A75EF}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<ParentBaseID>{E49A5437-5D94-428C-AC40-CE72A618CEE5}</ParentBaseID>
+					<PenWidth>1</PenWidth>
+					<PenColor>0</PenColor>
+					<BrushColor>15780518</BrushColor>
+					<FontCharset>238</FontCharset>
+					<FontColor>0</FontColor>
+					<FontName>Arial</FontName>
+					<FontStyle>0</FontStyle>
+					<FormatLocked>0</FormatLocked>
+					<FontHeight>-28</FontHeight>
+					<Top>1046</Top>
+					<Left>1176</Left>
+					<z>0</z>
+					<Width>286</Width>
+					<Height>200</Height>
+					<dz>0</dz>
+					<RecalculateSizes>1</RecalculateSizes>
+					<UseWorkSpaceRecalculateSizes>1</UseWorkSpaceRecalculateSizes>
+					<Shadow>1</Shadow>
+					<FullBackground>0</FullBackground>
+					<LineList>
+						<Id>{407CDB33-5DEF-445F-BBDC-F48EADC87D28}</Id>
+						<Id>{8E23EA57-4FE3-4C9C-A986-2C68254FF1C3}</Id>
+						<Id>{275291D5-0C6D-4349-902E-64ED199D6640}</Id>
+					</LineList>
+					<DisplayIndexes>0</DisplayIndexes>
+					<AlignInColumns>0</AlignInColumns>
+					<DisplayMode>2</DisplayMode>
+					<DisplayTypes>0</DisplayTypes>
+					<DisplayDictTypesAsDataTypes>0</DisplayDictTypesAsDataTypes>
+					<DisplayGraphicalKeys>0</DisplayGraphicalKeys>
+					<Gradient>1</Gradient>
+				</WorkSpaceShapePEREntityPG83>
+				<WorkSpaceShapePEREntityPG83 ObjectType="2502" CSAOName="WorkSpaceShapePEREntityPG83">
+					<Id>{734BDE07-F467-41B1-9D3D-3C9A5BE09100}</Id>
+					<Name>tbl_casetime_zeitaufzeichnung</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{4555810C-5016-4EC2-A388-576DEFF8B409}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<ParentBaseID>{8C5D4472-9F64-4D25-90D1-26664F9B6911}</ParentBaseID>
+					<PenWidth>1</PenWidth>
+					<PenColor>0</PenColor>
+					<BrushColor>15780518</BrushColor>
+					<FontCharset>238</FontCharset>
+					<FontColor>0</FontColor>
+					<FontName>Arial</FontName>
+					<FontStyle>0</FontStyle>
+					<FormatLocked>0</FormatLocked>
+					<FontHeight>-28</FontHeight>
+					<Top>983</Top>
+					<Left>628</Left>
+					<z>0</z>
+					<Width>387</Width>
+					<Height>200</Height>
+					<dz>0</dz>
+					<RecalculateSizes>1</RecalculateSizes>
+					<UseWorkSpaceRecalculateSizes>1</UseWorkSpaceRecalculateSizes>
+					<Shadow>1</Shadow>
+					<FullBackground>0</FullBackground>
+					<LineList>
+						<Id>{C59674E4-69F2-406C-8B36-5FB379BA9926}</Id>
+						<Id>{16974D29-5F5F-4F7D-A06F-B29C3E91417B}</Id>
+					</LineList>
+					<DisplayIndexes>0</DisplayIndexes>
+					<AlignInColumns>0</AlignInColumns>
+					<DisplayMode>2</DisplayMode>
+					<DisplayTypes>0</DisplayTypes>
+					<DisplayDictTypesAsDataTypes>0</DisplayDictTypesAsDataTypes>
+					<DisplayGraphicalKeys>0</DisplayGraphicalKeys>
+					<Gradient>1</Gradient>
+				</WorkSpaceShapePEREntityPG83>
 			</ShapeList>
 			<LineList>
 				<WorkSpaceLinePERRelationPG83 ObjectType="2504" CSAOName="WorkSpaceLinePERRelationPG83">
@@ -11425,15 +11507,15 @@
 					<WorkSpaceShape2>
 						<Id>{4874DE2B-E881-4E66-A8A5-D17E9EDC19A0}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1582</NamePositionX>
-					<NamePositionY>1230</NamePositionY>
+					<NamePositionX>1570</NamePositionX>
+					<NamePositionY>1231</NamePositionY>
 					<Points>
 						<Point>
-							<x>1396</x>
+							<x>1372</x>
 							<y>1050</y>
 						</Point>
 						<Point>
-							<x>1396</x>
+							<x>1372</x>
 							<y>1081</y>
 						</Point>
 						<Point>
@@ -12070,15 +12152,15 @@
 					<WorkSpaceShape2>
 						<Id>{76D0F267-8573-4B0F-AB03-EBC38BE8B73E}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1889</NamePositionX>
+					<NamePositionX>1891</NamePositionX>
 					<NamePositionY>1760</NamePositionY>
 					<Points>
 						<Point>
-							<x>1924</x>
+							<x>1928</x>
 							<y>1770</y>
 						</Point>
 						<Point>
-							<x>1924</x>
+							<x>1928</x>
 							<y>1739</y>
 						</Point>
 						<Point>
@@ -12543,8 +12625,8 @@
 					<WorkSpaceShape2>
 						<Id>{6361673E-711F-44A1-B2A2-567CEFE5EACD}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>6810</NamePositionX>
-					<NamePositionY>1415</NamePositionY>
+					<NamePositionX>6809</NamePositionX>
+					<NamePositionY>1425</NamePositionY>
 					<Points>
 						<Point>
 							<x>1965</x>
@@ -12556,11 +12638,11 @@
 						</Point>
 						<Point>
 							<x>11623</x>
-							<y>990</y>
+							<y>1010</y>
 						</Point>
 						<Point>
 							<x>11654</x>
-							<y>990</y>
+							<y>1010</y>
 						</Point>
 					</Points>
 				</WorkSpaceLinePERRelationPG83>
@@ -13489,15 +13571,15 @@
 					<WorkSpaceShape2>
 						<Id>{F8B0DFCF-FAB1-4247-9A56-F67ECCB30D76}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>798</NamePositionX>
+					<NamePositionX>797</NamePositionX>
 					<NamePositionY>3015</NamePositionY>
 					<Points>
 						<Point>
-							<x>799</x>
+							<x>797</x>
 							<y>3090</y>
 						</Point>
 						<Point>
-							<x>799</x>
+							<x>797</x>
 							<y>3059</y>
 						</Point>
 						<Point>
@@ -13704,15 +13786,15 @@
 					<WorkSpaceShape2>
 						<Id>{B35FD65D-0C46-4189-8CC3-95EEB1CACD89}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>863</NamePositionX>
+					<NamePositionX>859</NamePositionX>
 					<NamePositionY>2530</NamePositionY>
 					<Points>
 						<Point>
-							<x>890</x>
+							<x>881</x>
 							<y>3090</y>
 						</Point>
 						<Point>
-							<x>890</x>
+							<x>881</x>
 							<y>3059</y>
 						</Point>
 						<Point>
@@ -17844,15 +17926,15 @@
 					<WorkSpaceShape2>
 						<Id>{56F3FC3E-42C5-4052-8FF0-75960420559F}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1763</NamePositionX>
-					<NamePositionY>1176</NamePositionY>
+					<NamePositionX>1765</NamePositionX>
+					<NamePositionY>1175</NamePositionY>
 					<Points>
 						<Point>
-							<x>1897</x>
+							<x>1902</x>
 							<y>1770</y>
 						</Point>
 						<Point>
-							<x>1897</x>
+							<x>1902</x>
 							<y>1739</y>
 						</Point>
 						<Point>
@@ -18790,15 +18872,15 @@
 					<WorkSpaceShape2>
 						<Id>{11682AEC-5581-4CBA-89C8-588220F15354}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>749</NamePositionX>
+					<NamePositionX>746</NamePositionX>
 					<NamePositionY>1740</NamePositionY>
 					<Points>
 						<Point>
-							<x>1289</x>
+							<x>1283</x>
 							<y>1050</y>
 						</Point>
 						<Point>
-							<x>1289</x>
+							<x>1283</x>
 							<y>1081</y>
 						</Point>
 						<Point>
@@ -19783,11 +19865,11 @@
 					<NamePositionY>1657</NamePositionY>
 					<Points>
 						<Point>
-							<x>1004</x>
+							<x>1006</x>
 							<y>3090</y>
 						</Point>
 						<Point>
-							<x>1004</x>
+							<x>1006</x>
 							<y>3059</y>
 						</Point>
 						<Point>
@@ -19951,15 +20033,15 @@
 					<WorkSpaceShape2>
 						<Id>{EBFAE864-4CD4-41DF-8111-7C247E6AC963}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>468</NamePositionX>
+					<NamePositionX>466</NamePositionX>
 					<NamePositionY>1870</NamePositionY>
 					<Points>
 						<Point>
-							<x>822</x>
+							<x>818</x>
 							<y>3090</y>
 						</Point>
 						<Point>
-							<x>822</x>
+							<x>818</x>
 							<y>3059</y>
 						</Point>
 						<Point>
@@ -19994,15 +20076,15 @@
 					<WorkSpaceShape2>
 						<Id>{4874DE2B-E881-4E66-A8A5-D17E9EDC19A0}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1414</NamePositionX>
+					<NamePositionX>1416</NamePositionX>
 					<NamePositionY>2310</NamePositionY>
 					<Points>
 						<Point>
-							<x>981</x>
+							<x>985</x>
 							<y>3090</y>
 						</Point>
 						<Point>
-							<x>981</x>
+							<x>985</x>
 							<y>3059</y>
 						</Point>
 						<Point>
@@ -20080,15 +20162,15 @@
 					<WorkSpaceShape2>
 						<Id>{56F3FC3E-42C5-4052-8FF0-75960420559F}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1264</NamePositionX>
+					<NamePositionX>1256</NamePositionX>
 					<NamePositionY>1835</NamePositionY>
 					<Points>
 						<Point>
-							<x>959</x>
+							<x>943</x>
 							<y>3090</y>
 						</Point>
 						<Point>
-							<x>959</x>
+							<x>943</x>
 							<y>3059</y>
 						</Point>
 						<Point>
@@ -21112,23 +21194,23 @@
 					<WorkSpaceShape2>
 						<Id>{19E1665B-FCB8-4554-A7A2-963E83A3BEC2}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1131</NamePositionX>
+					<NamePositionX>1117</NamePositionX>
 					<NamePositionY>2070</NamePositionY>
 					<Points>
 						<Point>
-							<x>1325</x>
+							<x>1313</x>
 							<y>1050</y>
 						</Point>
 						<Point>
-							<x>1325</x>
+							<x>1313</x>
 							<y>1081</y>
 						</Point>
 						<Point>
-							<x>936</x>
+							<x>922</x>
 							<y>3059</y>
 						</Point>
 						<Point>
-							<x>936</x>
+							<x>922</x>
 							<y>3090</y>
 						</Point>
 					</Points>
@@ -25265,15 +25347,15 @@
 						<Id>{90655845-3A09-4D53-A0CA-86FFF9DDD720}</Id>
 					</WorkSpaceShape2>
 					<NamePositionX>7095</NamePositionX>
-					<NamePositionY>3152</NamePositionY>
+					<NamePositionY>3155</NamePositionY>
 					<Points>
 						<Point>
 							<x>7338</x>
-							<y>3095</y>
+							<y>3099</y>
 						</Point>
 						<Point>
 							<x>7307</x>
-							<y>3095</y>
+							<y>3099</y>
 						</Point>
 						<Point>
 							<x>7083</x>
@@ -25437,15 +25519,15 @@
 						<Id>{124C017F-994B-4518-962A-EE15CE4220BF}</Id>
 					</WorkSpaceShape2>
 					<NamePositionX>6699</NamePositionX>
-					<NamePositionY>3138</NamePositionY>
+					<NamePositionY>3143</NamePositionY>
 					<Points>
 						<Point>
 							<x>7338</x>
-							<y>3061</y>
+							<y>3071</y>
 						</Point>
 						<Point>
 							<x>7307</x>
-							<y>3061</y>
+							<y>3071</y>
 						</Point>
 						<Point>
 							<x>6290</x>
@@ -26320,15 +26402,15 @@
 					<WorkSpaceShape2>
 						<Id>{FDA8ACE6-4AF5-4B56-87F2-17B641EDA3A9}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1162</NamePositionX>
+					<NamePositionX>1166</NamePositionX>
 					<NamePositionY>1153</NamePositionY>
 					<Points>
 						<Point>
-							<x>1856</x>
+							<x>1865</x>
 							<y>1770</y>
 						</Point>
 						<Point>
-							<x>1856</x>
+							<x>1865</x>
 							<y>1739</y>
 						</Point>
 						<Point>
@@ -26363,15 +26445,15 @@
 					<WorkSpaceShape2>
 						<Id>{FDA8ACE6-4AF5-4B56-87F2-17B641EDA3A9}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1126</NamePositionX>
+					<NamePositionX>1131</NamePositionX>
 					<NamePositionY>1153</NamePositionY>
 					<Points>
 						<Point>
-							<x>1842</x>
+							<x>1852</x>
 							<y>1770</y>
 						</Point>
 						<Point>
-							<x>1842</x>
+							<x>1852</x>
 							<y>1739</y>
 						</Point>
 						<Point>
@@ -26535,15 +26617,15 @@
 					<WorkSpaceShape2>
 						<Id>{AF996D52-5028-4F30-A83A-5F1CCD1C0B61}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>2314</NamePositionX>
+					<NamePositionX>2315</NamePositionX>
 					<NamePositionY>1318</NamePositionY>
 					<Points>
 						<Point>
-							<x>1938</x>
+							<x>1940</x>
 							<y>1770</y>
 						</Point>
 						<Point>
-							<x>1938</x>
+							<x>1940</x>
 							<y>1739</y>
 						</Point>
 						<Point>
@@ -26708,15 +26790,15 @@
 						<Id>{56F3FC3E-42C5-4052-8FF0-75960420559F}</Id>
 					</WorkSpaceShape2>
 					<NamePositionX>4413</NamePositionX>
-					<NamePositionY>1695</NamePositionY>
+					<NamePositionY>1689</NamePositionY>
 					<Points>
 						<Point>
 							<x>7338</x>
-							<y>2995</y>
+							<y>2985</y>
 						</Point>
 						<Point>
 							<x>7307</x>
-							<y>2995</y>
+							<y>2985</y>
 						</Point>
 						<Point>
 							<x>1719</x>
@@ -27709,15 +27791,15 @@
 						<Id>{0627FA8D-D241-405E-92A8-35CAE7E3721A}</Id>
 					</WorkSpaceShape2>
 					<NamePositionX>6594</NamePositionX>
-					<NamePositionY>2371</NamePositionY>
+					<NamePositionY>2369</NamePositionY>
 					<Points>
 						<Point>
 							<x>7338</x>
-							<y>2961</y>
+							<y>2957</y>
 						</Point>
 						<Point>
 							<x>7307</x>
-							<y>2961</y>
+							<y>2957</y>
 						</Point>
 						<Point>
 							<x>6081</x>
@@ -29128,7 +29210,7 @@
 						<Id>{6361673E-711F-44A1-B2A2-567CEFE5EACD}</Id>
 					</WorkSpaceShape2>
 					<NamePositionX>6111</NamePositionX>
-					<NamePositionY>771</NamePositionY>
+					<NamePositionY>766</NamePositionY>
 					<Points>
 						<Point>
 							<x>768</x>
@@ -29140,11 +29222,11 @@
 						</Point>
 						<Point>
 							<x>11623</x>
-							<y>940</y>
+							<y>930</y>
 						</Point>
 						<Point>
 							<x>11654</x>
-							<y>940</y>
+							<y>930</y>
 						</Point>
 					</Points>
 				</WorkSpaceLinePERRelationPG83>
@@ -29170,8 +29252,8 @@
 					<WorkSpaceShape2>
 						<Id>{6361673E-711F-44A1-B2A2-567CEFE5EACD}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>6709</NamePositionX>
-					<NamePositionY>1384</NamePositionY>
+					<NamePositionX>6710</NamePositionX>
+					<NamePositionY>1389</NamePositionY>
 					<Points>
 						<Point>
 							<x>1965</x>
@@ -29183,11 +29265,11 @@
 						</Point>
 						<Point>
 							<x>11623</x>
-							<y>1040</y>
+							<y>1050</y>
 						</Point>
 						<Point>
 							<x>11654</x>
-							<y>1040</y>
+							<y>1050</y>
 						</Point>
 					</Points>
 				</WorkSpaceLinePERRelationPG83>
@@ -29257,15 +29339,15 @@
 						<Id>{686847C1-A3BD-40F5-A36F-989D0AB76CAB}</Id>
 					</WorkSpaceShape2>
 					<NamePositionX>3953</NamePositionX>
-					<NamePositionY>1840</NamePositionY>
+					<NamePositionY>1833</NamePositionY>
 					<Points>
 						<Point>
 							<x>7338</x>
-							<y>3028</y>
+							<y>3014</y>
 						</Point>
 						<Point>
 							<x>7307</x>
-							<y>3028</y>
+							<y>3014</y>
 						</Point>
 						<Point>
 							<x>799</x>
@@ -29784,15 +29866,15 @@
 					<WorkSpaceShape2>
 						<Id>{C522B229-88DF-41A1-A7B4-A7D7511BBEA4}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>838</NamePositionX>
+					<NamePositionX>832</NamePositionX>
 					<NamePositionY>1996</NamePositionY>
 					<Points>
 						<Point>
-							<x>913</x>
+							<x>902</x>
 							<y>3090</y>
 						</Point>
 						<Point>
-							<x>913</x>
+							<x>902</x>
 							<y>3059</y>
 						</Point>
 						<Point>
@@ -29956,15 +30038,15 @@
 					<WorkSpaceShape2>
 						<Id>{39005A0A-B503-4F3E-B3BB-4DB2B1A0D3D3}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1739</NamePositionX>
-					<NamePositionY>1686</NamePositionY>
+					<NamePositionX>1738</NamePositionX>
+					<NamePositionY>1687</NamePositionY>
 					<Points>
 						<Point>
-							<x>1829</x>
+							<x>1828</x>
 							<y>1770</y>
 						</Point>
 						<Point>
-							<x>1829</x>
+							<x>1828</x>
 							<y>1739</y>
 						</Point>
 						<Point>
@@ -30711,7 +30793,7 @@
 					<WorkSpaceShape2>
 						<Id>{19E1665B-FCB8-4554-A7A2-963E83A3BEC2}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>584</NamePositionX>
+					<NamePositionX>581</NamePositionX>
 					<NamePositionY>1926</NamePositionY>
 					<Points>
 						<Point>
@@ -30723,11 +30805,11 @@
 							<y>913</y>
 						</Point>
 						<Point>
-							<x>867</x>
+							<x>860</x>
 							<y>3059</y>
 						</Point>
 						<Point>
-							<x>867</x>
+							<x>860</x>
 							<y>3090</y>
 						</Point>
 					</Points>
@@ -30797,15 +30879,15 @@
 					<WorkSpaceShape2>
 						<Id>{A50BDBEA-BD7A-4ADA-9428-BA18B76BA004}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1483</NamePositionX>
+					<NamePositionX>1474</NamePositionX>
 					<NamePositionY>1235</NamePositionY>
 					<Points>
 						<Point>
-							<x>1360</x>
+							<x>1342</x>
 							<y>1050</y>
 						</Point>
 						<Point>
-							<x>1360</x>
+							<x>1342</x>
 							<y>1081</y>
 						</Point>
 						<Point>
@@ -30926,15 +31008,15 @@
 					<WorkSpaceShape2>
 						<Id>{0722D904-96D3-4293-8569-901DCEA3B1B3}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>595</NamePositionX>
+					<NamePositionX>593</NamePositionX>
 					<NamePositionY>2101</NamePositionY>
 					<Points>
 						<Point>
-							<x>844</x>
+							<x>839</x>
 							<y>3090</y>
 						</Point>
 						<Point>
-							<x>844</x>
+							<x>839</x>
 							<y>3059</y>
 						</Point>
 						<Point>
@@ -31055,15 +31137,15 @@
 					<WorkSpaceShape2>
 						<Id>{E4900B6E-F92D-4D12-B76E-F634F1FA5145}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1182</NamePositionX>
+					<NamePositionX>1186</NamePositionX>
 					<NamePositionY>1157</NamePositionY>
 					<Points>
 						<Point>
-							<x>1870</x>
+							<x>1878</x>
 							<y>1770</y>
 						</Point>
 						<Point>
-							<x>1870</x>
+							<x>1878</x>
 							<y>1739</y>
 						</Point>
 						<Point>
@@ -31141,15 +31223,15 @@
 					<WorkSpaceShape2>
 						<Id>{70AAF4C6-BC88-4603-AF81-B0CA11254C00}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1280</NamePositionX>
+					<NamePositionX>1284</NamePositionX>
 					<NamePositionY>1041</NamePositionY>
 					<Points>
 						<Point>
-							<x>1883</x>
+							<x>1890</x>
 							<y>1770</y>
 						</Point>
 						<Point>
-							<x>1883</x>
+							<x>1890</x>
 							<y>1739</y>
 						</Point>
 						<Point>
@@ -32173,15 +32255,15 @@
 					<WorkSpaceShape2>
 						<Id>{D69635A5-03A9-42FC-8E80-920CCD7E3FA1}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>2385</NamePositionX>
+					<NamePositionX>2386</NamePositionX>
 					<NamePositionY>1303</NamePositionY>
 					<Points>
 						<Point>
-							<x>1951</x>
+							<x>1952</x>
 							<y>1770</y>
 						</Point>
 						<Point>
-							<x>1951</x>
+							<x>1952</x>
 							<y>1739</y>
 						</Point>
 						<Point>
@@ -32689,15 +32771,15 @@
 					<WorkSpaceShape2>
 						<Id>{6EFCF220-429A-4F0A-B740-E2EAD998C78F}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1823</NamePositionX>
+					<NamePositionX>1825</NamePositionX>
 					<NamePositionY>1355</NamePositionY>
 					<Points>
 						<Point>
-							<x>1910</x>
+							<x>1915</x>
 							<y>1770</y>
 						</Point>
 						<Point>
-							<x>1910</x>
+							<x>1915</x>
 							<y>1739</y>
 						</Point>
 						<Point>
@@ -33226,6 +33308,221 @@
 						</Point>
 					</Points>
 				</WorkSpaceLinePERRelationPG83>
+				<WorkSpaceLinePERRelationPG83 ObjectType="2504" CSAOName="WorkSpaceLinePERRelationPG83">
+					<Id>{407CDB33-5DEF-445F-BBDC-F48EADC87D28}</Id>
+					<Name>fk_studiengang_ablauf_vorgaben</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{9D92C7FE-9D54-4A6E-A2F4-58291CA8A17F}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<ParentBaseID>{6BD0CCF6-C25C-4F65-BB8C-2E6FC3D60A65}</ParentBaseID>
+					<PenWidth>1</PenWidth>
+					<PenColor>0</PenColor>
+					<BrushColor>15780518</BrushColor>
+					<FontCharset>238</FontCharset>
+					<FontColor>0</FontColor>
+					<FontName>Arial</FontName>
+					<FontStyle>0</FontStyle>
+					<FormatLocked>0</FormatLocked>
+					<FontHeight>-28</FontHeight>
+					<WorkSpaceShape1>
+						<Id>{19E1665B-FCB8-4554-A7A2-963E83A3BEC2}</Id>
+					</WorkSpaceShape1>
+					<WorkSpaceShape2>
+						<Id>{7E457E09-0B61-4B7A-9B54-FC7ACEEDFA2F}</Id>
+					</WorkSpaceShape2>
+					<NamePositionX>1041</NamePositionX>
+					<NamePositionY>2108</NamePositionY>
+					<Points>
+						<Point>
+							<x>964</x>
+							<y>3090</y>
+						</Point>
+						<Point>
+							<x>964</x>
+							<y>3059</y>
+						</Point>
+						<Point>
+							<x>1319</x>
+							<y>1277</y>
+						</Point>
+						<Point>
+							<x>1319</x>
+							<y>1246</y>
+						</Point>
+					</Points>
+				</WorkSpaceLinePERRelationPG83>
+				<WorkSpaceLinePERRelationPG83 ObjectType="2504" CSAOName="WorkSpaceLinePERRelationPG83">
+					<Id>{8E23EA57-4FE3-4C9C-A986-2C68254FF1C3}</Id>
+					<Name>fk_sprache_ablauf_vorgaben</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{904FCBA8-EF78-4222-B577-9B1A755BE32A}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<ParentBaseID>{7287139E-D56F-49A7-B66D-8BE7E5E4ED17}</ParentBaseID>
+					<PenWidth>1</PenWidth>
+					<PenColor>0</PenColor>
+					<BrushColor>15780518</BrushColor>
+					<FontCharset>238</FontCharset>
+					<FontColor>0</FontColor>
+					<FontName>Arial</FontName>
+					<FontStyle>0</FontStyle>
+					<FormatLocked>0</FormatLocked>
+					<FontHeight>-28</FontHeight>
+					<WorkSpaceShape1>
+						<Id>{939344E5-4039-401F-92B7-4CAE1BB8583E}</Id>
+					</WorkSpaceShape1>
+					<WorkSpaceShape2>
+						<Id>{7E457E09-0B61-4B7A-9B54-FC7ACEEDFA2F}</Id>
+					</WorkSpaceShape2>
+					<NamePositionX>1260</NamePositionX>
+					<NamePositionY>988</NamePositionY>
+					<Points>
+						<Point>
+							<x>1402</x>
+							<y>1050</y>
+						</Point>
+						<Point>
+							<x>1402</x>
+							<y>1081</y>
+						</Point>
+						<Point>
+							<x>1319</x>
+							<y>1015</y>
+						</Point>
+						<Point>
+							<x>1319</x>
+							<y>1046</y>
+						</Point>
+					</Points>
+				</WorkSpaceLinePERRelationPG83>
+				<WorkSpaceLinePERRelationPG83 ObjectType="2504" CSAOName="WorkSpaceLinePERRelationPG83">
+					<Id>{275291D5-0C6D-4349-902E-64ED199D6640}</Id>
+					<Name>fk_content_ablauf_vorgabe</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{34297C8E-4F5A-4264-8EC0-DA2525BBD056}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<ParentBaseID>{FDF638AA-C04C-4007-A228-AB975C067734}</ParentBaseID>
+					<PenWidth>1</PenWidth>
+					<PenColor>0</PenColor>
+					<BrushColor>15780518</BrushColor>
+					<FontCharset>238</FontCharset>
+					<FontColor>0</FontColor>
+					<FontName>Arial</FontName>
+					<FontStyle>0</FontStyle>
+					<FormatLocked>0</FormatLocked>
+					<FontHeight>-28</FontHeight>
+					<WorkSpaceShape1>
+						<Id>{623301F1-461B-4500-B1CF-4588AD8C3A4E}</Id>
+					</WorkSpaceShape1>
+					<WorkSpaceShape2>
+						<Id>{7E457E09-0B61-4B7A-9B54-FC7ACEEDFA2F}</Id>
+					</WorkSpaceShape2>
+					<NamePositionX>4300</NamePositionX>
+					<NamePositionY>2034</NamePositionY>
+					<Points>
+						<Point>
+							<x>7338</x>
+							<y>3042</y>
+						</Point>
+						<Point>
+							<x>7307</x>
+							<y>3042</y>
+						</Point>
+						<Point>
+							<x>1493</x>
+							<y>1146</y>
+						</Point>
+						<Point>
+							<x>1462</x>
+							<y>1146</y>
+						</Point>
+					</Points>
+				</WorkSpaceLinePERRelationPG83>
+				<WorkSpaceLinePERRelationPG83 ObjectType="2504" CSAOName="WorkSpaceLinePERRelationPG83">
+					<Id>{C59674E4-69F2-406C-8B36-5FB379BA9926}</Id>
+					<Name>fk_benutzer_casetime_zeitaufzeichnung</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{A8BF5673-FD70-4602-B0D3-8BE031460910}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<ParentBaseID>{D5D8FED0-6E7D-4EA7-9AF6-61B1E68B1039}</ParentBaseID>
+					<PenWidth>1</PenWidth>
+					<PenColor>0</PenColor>
+					<BrushColor>15780518</BrushColor>
+					<FontCharset>238</FontCharset>
+					<FontColor>0</FontColor>
+					<FontName>Arial</FontName>
+					<FontStyle>0</FontStyle>
+					<FormatLocked>0</FormatLocked>
+					<FontHeight>-28</FontHeight>
+					<WorkSpaceShape1>
+						<Id>{50F56A06-2253-4C1B-B89F-1C7F3210F086}</Id>
+					</WorkSpaceShape1>
+					<WorkSpaceShape2>
+						<Id>{734BDE07-F467-41B1-9D3D-3C9A5BE09100}</Id>
+					</WorkSpaceShape2>
+					<NamePositionX>1343</NamePositionX>
+					<NamePositionY>1368</NamePositionY>
+					<Points>
+						<Point>
+							<x>1840</x>
+							<y>1770</y>
+						</Point>
+						<Point>
+							<x>1840</x>
+							<y>1739</y>
+						</Point>
+						<Point>
+							<x>1046</x>
+							<y>1116</y>
+						</Point>
+						<Point>
+							<x>1015</x>
+							<y>1116</y>
+						</Point>
+					</Points>
+				</WorkSpaceLinePERRelationPG83>
+				<WorkSpaceLinePERRelationPG83 ObjectType="2504" CSAOName="WorkSpaceLinePERRelationPG83">
+					<Id>{16974D29-5F5F-4F7D-A06F-B29C3E91417B}</Id>
+					<Name>fk_zeitaufzeichnung_casetime_zeitaufzeichnung</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{A64B9450-A3DC-4431-A5FB-C3EF5E2827AB}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<ParentBaseID>{FDA5B841-7FCE-4A9D-B890-BA5A1814FBE2}</ParentBaseID>
+					<PenWidth>1</PenWidth>
+					<PenColor>0</PenColor>
+					<BrushColor>15780518</BrushColor>
+					<FontCharset>238</FontCharset>
+					<FontColor>0</FontColor>
+					<FontName>Arial</FontName>
+					<FontStyle>0</FontStyle>
+					<FormatLocked>0</FormatLocked>
+					<FontHeight>-28</FontHeight>
+					<WorkSpaceShape1>
+						<Id>{6361673E-711F-44A1-B2A2-567CEFE5EACD}</Id>
+					</WorkSpaceShape1>
+					<WorkSpaceShape2>
+						<Id>{734BDE07-F467-41B1-9D3D-3C9A5BE09100}</Id>
+					</WorkSpaceShape2>
+					<NamePositionX>6235</NamePositionX>
+					<NamePositionY>950</NamePositionY>
+					<Points>
+						<Point>
+							<x>11654</x>
+							<y>970</y>
+						</Point>
+						<Point>
+							<x>11623</x>
+							<y>970</y>
+						</Point>
+						<Point>
+							<x>1046</x>
+							<y>1050</y>
+						</Point>
+						<Point>
+							<x>1015</x>
+							<y>1050</y>
+						</Point>
+					</Points>
+				</WorkSpaceLinePERRelationPG83>
 			</LineList>
 			<Page>
 				<WorkSpacePagePG83 ObjectType="1511" CSAOName="WorkSpacePagePG83">
@@ -33414,7 +33711,7 @@
 					<Left>6454</Left>
 					<z>0</z>
 					<Width>595</Width>
-					<Height>239</Height>
+					<Height>278</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
 					<UseWorkSpaceRecalculateSizes>1</UseWorkSpaceRecalculateSizes>
@@ -36830,16 +37127,16 @@
 					<WorkSpaceShape2>
 						<Id>{4B8FF0F0-CE9E-4D02-B29F-73FEB38DB1AC}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>7890</NamePositionX>
-					<NamePositionY>2343</NamePositionY>
+					<NamePositionX>7889</NamePositionX>
+					<NamePositionY>2352</NamePositionY>
 					<Points>
 						<Point>
 							<x>7049</x>
-							<y>1608</y>
+							<y>1627</y>
 						</Point>
 						<Point>
 							<x>7080</x>
-							<y>1608</y>
+							<y>1627</y>
 						</Point>
 						<Point>
 							<x>8723</x>
@@ -36874,15 +37171,15 @@
 						<Id>{6197D07D-4517-402A-9CB4-3BE888A5681A}</Id>
 					</WorkSpaceShape2>
 					<NamePositionX>6583</NamePositionX>
-					<NamePositionY>20</NamePositionY>
+					<NamePositionY>30</NamePositionY>
 					<Points>
 						<Point>
 							<x>6454</x>
-							<y>1608</y>
+							<y>1627</y>
 						</Point>
 						<Point>
 							<x>6423</x>
-							<y>1608</y>
+							<y>1627</y>
 						</Point>
 						<Point>
 							<x>805</x>
@@ -36917,15 +37214,15 @@
 						<Id>{33986E60-971D-45AB-863E-3389A4534998}</Id>
 					</WorkSpaceShape2>
 					<NamePositionX>6276</NamePositionX>
-					<NamePositionY>1587</NamePositionY>
+					<NamePositionY>1592</NamePositionY>
 					<Points>
 						<Point>
 							<x>6454</x>
-							<y>1548</y>
+							<y>1558</y>
 						</Point>
 						<Point>
 							<x>6423</x>
-							<y>1548</y>
+							<y>1558</y>
 						</Point>
 						<Point>
 							<x>3351</x>
@@ -38004,15 +38301,15 @@
 						<Id>{C195CE02-3F72-4DF3-9B07-3A3C29D73AC3}</Id>
 					</WorkSpaceShape2>
 					<NamePositionX>6750</NamePositionX>
-					<NamePositionY>1699</NamePositionY>
+					<NamePositionY>1719</NamePositionY>
 					<Points>
 						<Point>
 							<x>6752</x>
-							<y>1727</y>
+							<y>1766</y>
 						</Point>
 						<Point>
 							<x>6752</x>
-							<y>1758</y>
+							<y>1797</y>
 						</Point>
 						<Point>
 							<x>6748</x>
@@ -38735,15 +39032,15 @@
 						<Id>{0EE926FD-0EA7-4336-95DA-DD0F37815494}</Id>
 					</WorkSpaceShape2>
 					<NamePositionX>5705</NamePositionX>
-					<NamePositionY>2700</NamePositionY>
+					<NamePositionY>2715</NamePositionY>
 					<Points>
 						<Point>
 							<x>6454</x>
-							<y>1667</y>
+							<y>1696</y>
 						</Point>
 						<Point>
 							<x>6423</x>
-							<y>1667</y>
+							<y>1696</y>
 						</Point>
 						<Point>
 							<x>4390</x>
@@ -40464,7 +40761,7 @@
 					<Left>2574</Left>
 					<z>0</z>
 					<Width>595</Width>
-					<Height>239</Height>
+					<Height>278</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
 					<UseWorkSpaceRecalculateSizes>1</UseWorkSpaceRecalculateSizes>
@@ -41187,16 +41484,16 @@
 					<WorkSpaceShape2>
 						<Id>{8128BC5E-C8F2-4AC5-983A-DB6FC13AFA3D}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>2085</NamePositionX>
+					<NamePositionX>2086</NamePositionX>
 					<NamePositionY>1551</NamePositionY>
 					<Points>
 						<Point>
 							<x>2574</x>
-							<y>1664</y>
+							<y>1684</y>
 						</Point>
 						<Point>
 							<x>2543</x>
-							<y>1664</y>
+							<y>1684</y>
 						</Point>
 						<Point>
 							<x>2441</x>
@@ -48558,7 +48855,7 @@
 					<Top>1458</Top>
 					<Left>3774</Left>
 					<z>0</z>
-					<Width>553</Width>
+					<Width>489</Width>
 					<Height>395</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -48596,7 +48893,7 @@
 					<Top>2237</Top>
 					<Left>3767</Left>
 					<z>0</z>
-					<Width>553</Width>
+					<Width>489</Width>
 					<Height>356</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -48631,10 +48928,10 @@
 					<FontStyle>0</FontStyle>
 					<FormatLocked>0</FormatLocked>
 					<FontHeight>-28</FontHeight>
-					<Top>1710</Top>
-					<Left>2480</Left>
+					<Top>1607</Top>
+					<Left>2391</Left>
 					<z>0</z>
-					<Width>524</Width>
+					<Width>477</Width>
 					<Height>356</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -48672,7 +48969,7 @@
 					<Top>1722</Top>
 					<Left>1354</Left>
 					<z>0</z>
-					<Width>651</Width>
+					<Width>573</Width>
 					<Height>356</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -48712,7 +49009,7 @@
 					<Top>191</Top>
 					<Left>3646</Left>
 					<z>0</z>
-					<Width>601</Width>
+					<Width>528</Width>
 					<Height>200</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -48750,7 +49047,7 @@
 					<Top>40</Top>
 					<Left>2361</Left>
 					<z>0</z>
-					<Width>699</Width>
+					<Width>618</Width>
 					<Height>785</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -48790,7 +49087,7 @@
 					<Top>874</Top>
 					<Left>2646</Left>
 					<z>0</z>
-					<Width>551</Width>
+					<Width>486</Width>
 					<Height>395</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -48828,7 +49125,7 @@
 					<Top>572</Top>
 					<Left>3657</Left>
 					<z>0</z>
-					<Width>654</Width>
+					<Width>576</Width>
 					<Height>512</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -48868,7 +49165,7 @@
 					<Top>2294</Top>
 					<Left>1472</Left>
 					<z>0</z>
-					<Width>477</Width>
+					<Width>433</Width>
 					<Height>239</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -48906,7 +49203,7 @@
 					<Top>58</Top>
 					<Left>1318</Left>
 					<z>0</z>
-					<Width>638</Width>
+					<Width>565</Width>
 					<Height>473</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -48944,7 +49241,7 @@
 					<Top>504</Top>
 					<Left>234</Left>
 					<z>0</z>
-					<Width>788</Width>
+					<Width>690</Width>
 					<Height>1253</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -48955,6 +49252,7 @@
 						<Id>{60E84379-BE24-4B42-9B0F-3B05A3D8A56B}</Id>
 						<Id>{542F0E75-8466-4EC1-9D8A-AD58D6DC5ED7}</Id>
 						<Id>{619FFE55-2550-4510-8843-0AF63074F9BE}</Id>
+						<Id>{DF5C5390-D8DC-4E79-9925-FE466743954E}</Id>
 					</LineList>
 					<DisplayIndexes>1</DisplayIndexes>
 					<AlignInColumns>1</AlignInColumns>
@@ -48983,8 +49281,8 @@
 					<Top>1910</Top>
 					<Left>125</Left>
 					<z>0</z>
-					<Width>753</Width>
-					<Height>1370</Height>
+					<Width>667</Width>
+					<Height>1409</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
 					<UseWorkSpaceRecalculateSizes>1</UseWorkSpaceRecalculateSizes>
@@ -49018,10 +49316,10 @@
 					<FontStyle>0</FontStyle>
 					<FormatLocked>0</FormatLocked>
 					<FontHeight>-28</FontHeight>
-					<Top>1274</Top>
-					<Left>1510</Left>
+					<Top>1241</Top>
+					<Left>1691</Left>
 					<z>0</z>
-					<Width>653</Width>
+					<Width>574</Width>
 					<Height>278</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -49031,6 +49329,7 @@
 					<LineList>
 						<Id>{00A190DB-D9B7-4A65-996B-A26BC966F65D}</Id>
 						<Id>{54057B8A-1269-4AA0-829D-E17906C4747A}</Id>
+						<Id>{ECA5A30A-2058-4CCF-B3FA-98CB7EA1D080}</Id>
 					</LineList>
 					<DisplayIndexes>1</DisplayIndexes>
 					<AlignInColumns>1</AlignInColumns>
@@ -49087,7 +49386,7 @@
 					<Top>57</Top>
 					<Left>116</Left>
 					<z>0</z>
-					<Width>438</Width>
+					<Width>390</Width>
 					<Height>288</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -49112,10 +49411,10 @@
 					<FontStyle>0</FontStyle>
 					<FormatLocked>0</FormatLocked>
 					<FontHeight>-28</FontHeight>
-					<Top>658</Top>
-					<Left>1359</Left>
+					<Top>596</Top>
+					<Left>1736</Left>
 					<z>0</z>
-					<Width>601</Width>
+					<Width>528</Width>
 					<Height>200</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -49133,6 +49432,82 @@
 					<DisplayGraphicalKeys>1</DisplayGraphicalKeys>
 					<Gradient>1</Gradient>
 				</WorkSpaceShapePEREntityPG83>
+				<WorkSpaceShapePEREntityPG83 ObjectType="2502" CSAOName="WorkSpaceShapePEREntityPG83">
+					<Id>{3E4EDBFE-CF61-4F42-8959-6AF73802CF17}</Id>
+					<Name>tbl_ablauf_vorgaben</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{B5C1EF52-287E-4A49-ACA8-C924C19EA612}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<ParentBaseID>{E49A5437-5D94-428C-AC40-CE72A618CEE5}</ParentBaseID>
+					<PenWidth>1</PenWidth>
+					<PenColor>0</PenColor>
+					<BrushColor>12632256</BrushColor>
+					<FontCharset>238</FontCharset>
+					<FontColor>0</FontColor>
+					<FontName>Arial</FontName>
+					<FontStyle>0</FontStyle>
+					<FormatLocked>0</FormatLocked>
+					<FontHeight>-28</FontHeight>
+					<Top>695</Top>
+					<Left>1108</Left>
+					<z>0</z>
+					<Width>551</Width>
+					<Height>395</Height>
+					<dz>0</dz>
+					<RecalculateSizes>1</RecalculateSizes>
+					<UseWorkSpaceRecalculateSizes>1</UseWorkSpaceRecalculateSizes>
+					<Shadow>1</Shadow>
+					<FullBackground>1</FullBackground>
+					<LineList>
+						<Id>{DF5C5390-D8DC-4E79-9925-FE466743954E}</Id>
+						<Id>{ECA5A30A-2058-4CCF-B3FA-98CB7EA1D080}</Id>
+						<Id>{66CA4223-3788-4982-AAB6-EBF66089639D}</Id>
+					</LineList>
+					<DisplayIndexes>1</DisplayIndexes>
+					<AlignInColumns>1</AlignInColumns>
+					<DisplayMode>5</DisplayMode>
+					<DisplayTypes>1</DisplayTypes>
+					<DisplayDictTypesAsDataTypes>0</DisplayDictTypesAsDataTypes>
+					<DisplayGraphicalKeys>1</DisplayGraphicalKeys>
+					<Gradient>1</Gradient>
+				</WorkSpaceShapePEREntityPG83>
+				<WorkSpaceShapePEREntityPG83 ObjectType="2502" CSAOName="WorkSpaceShapePEREntityPG83">
+					<Id>{783FB22A-5EE5-4299-9249-937EC0DFD2B8}</Id>
+					<Name>tbl_content</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{24D0BF38-6F10-40D3-B0C5-48D1778DDCF9}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<ParentBaseID>{57CF0E77-D04F-44B8-93B2-66C2651DD4F8}</ParentBaseID>
+					<PenWidth>1</PenWidth>
+					<PenColor>0</PenColor>
+					<BrushColor>15780518</BrushColor>
+					<FontCharset>238</FontCharset>
+					<FontColor>0</FontColor>
+					<FontName>Arial</FontName>
+					<FontStyle>0</FontStyle>
+					<FormatLocked>0</FormatLocked>
+					<FontHeight>-28</FontHeight>
+					<Top>1232</Top>
+					<Left>983</Left>
+					<z>0</z>
+					<Width>520</Width>
+					<Height>434</Height>
+					<dz>0</dz>
+					<RecalculateSizes>1</RecalculateSizes>
+					<UseWorkSpaceRecalculateSizes>1</UseWorkSpaceRecalculateSizes>
+					<Shadow>1</Shadow>
+					<FullBackground>0</FullBackground>
+					<LineList>
+						<Id>{66CA4223-3788-4982-AAB6-EBF66089639D}</Id>
+					</LineList>
+					<DisplayIndexes>1</DisplayIndexes>
+					<AlignInColumns>1</AlignInColumns>
+					<DisplayMode>5</DisplayMode>
+					<DisplayTypes>1</DisplayTypes>
+					<DisplayDictTypesAsDataTypes>0</DisplayDictTypesAsDataTypes>
+					<DisplayGraphicalKeys>1</DisplayGraphicalKeys>
+					<Gradient>1</Gradient>
+				</WorkSpaceShapePEREntityPG83>
 			</ShapeList>
 			<LineList>
 				<WorkSpaceLinePERRelationPG83 ObjectType="2504" CSAOName="WorkSpaceLinePERRelationPG83">
@@ -49157,23 +49532,23 @@
 					<WorkSpaceShape2>
 						<Id>{CC7A2197-755A-49A6-947B-6A68FE8EB9C0}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>3992</NamePositionX>
+					<NamePositionX>3960</NamePositionX>
 					<NamePositionY>1985</NamePositionY>
 					<Points>
 						<Point>
-							<x>4044</x>
+							<x>4012</x>
 							<y>2237</y>
 						</Point>
 						<Point>
-							<x>4044</x>
+							<x>4012</x>
 							<y>2206</y>
 						</Point>
 						<Point>
-							<x>4050</x>
+							<x>4018</x>
 							<y>1884</y>
 						</Point>
 						<Point>
-							<x>4050</x>
+							<x>4018</x>
 							<y>1853</y>
 						</Point>
 					</Points>
@@ -49200,7 +49575,7 @@
 					<WorkSpaceShape2>
 						<Id>{2E63F586-6E92-4A06-AD1E-51C537E2A27C}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>2759</NamePositionX>
+					<NamePositionX>2737</NamePositionX>
 					<NamePositionY>2382</NamePositionY>
 					<Points>
 						<Point>
@@ -49212,11 +49587,11 @@
 							<y>2415</y>
 						</Point>
 						<Point>
-							<x>1980</x>
+							<x>1936</x>
 							<y>2414</y>
 						</Point>
 						<Point>
-							<x>1949</x>
+							<x>1905</x>
 							<y>2414</y>
 						</Point>
 					</Points>
@@ -49243,23 +49618,23 @@
 					<WorkSpaceShape2>
 						<Id>{744DF66B-0A2B-4220-A1CE-27094A300A0F}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>394</NamePositionX>
+					<NamePositionX>356</NamePositionX>
 					<NamePositionY>1778</NamePositionY>
 					<Points>
 						<Point>
-							<x>497</x>
+							<x>464</x>
 							<y>1757</y>
 						</Point>
 						<Point>
-							<x>497</x>
+							<x>464</x>
 							<y>1788</y>
 						</Point>
 						<Point>
-							<x>502</x>
+							<x>458</x>
 							<y>1879</y>
 						</Point>
 						<Point>
-							<x>502</x>
+							<x>458</x>
 							<y>1910</y>
 						</Point>
 					</Points>
@@ -49286,24 +49661,24 @@
 					<WorkSpaceShape2>
 						<Id>{613417C4-4766-41A0-9F07-BBA51BC43A84}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>2173</NamePositionX>
-					<NamePositionY>1840</NamePositionY>
+					<NamePositionX>2090</NamePositionX>
+					<NamePositionY>1788</NamePositionY>
 					<Points>
 						<Point>
-							<x>2005</x>
+							<x>1927</x>
 							<y>1900</y>
 						</Point>
 						<Point>
-							<x>2036</x>
+							<x>1958</x>
 							<y>1900</y>
 						</Point>
 						<Point>
-							<x>2449</x>
-							<y>1888</y>
+							<x>2360</x>
+							<y>1785</y>
 						</Point>
 						<Point>
-							<x>2480</x>
-							<y>1888</y>
+							<x>2391</x>
+							<y>1785</y>
 						</Point>
 					</Points>
 				</WorkSpaceLinePERRelationPG83>
@@ -49329,8 +49704,8 @@
 					<WorkSpaceShape2>
 						<Id>{613417C4-4766-41A0-9F07-BBA51BC43A84}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>3230</NamePositionX>
-					<NamePositionY>1362</NamePositionY>
+					<NamePositionX>3163</NamePositionX>
+					<NamePositionY>1310</NamePositionY>
 					<Points>
 						<Point>
 							<x>3657</x>
@@ -49341,12 +49716,12 @@
 							<y>956</y>
 						</Point>
 						<Point>
-							<x>3035</x>
-							<y>1888</y>
+							<x>2899</x>
+							<y>1785</y>
 						</Point>
 						<Point>
-							<x>3004</x>
-							<y>1888</y>
+							<x>2868</x>
+							<y>1785</y>
 						</Point>
 					</Points>
 				</WorkSpaceLinePERRelationPG83>
@@ -49372,7 +49747,7 @@
 					<WorkSpaceShape2>
 						<Id>{B254C47C-8FD9-4829-8B6B-05F38658BEBF}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>3327</NamePositionX>
+					<NamePositionX>3295</NamePositionX>
 					<NamePositionY>890</NamePositionY>
 					<Points>
 						<Point>
@@ -49384,11 +49759,11 @@
 							<y>828</y>
 						</Point>
 						<Point>
-							<x>3228</x>
+							<x>3163</x>
 							<y>1072</y>
 						</Point>
 						<Point>
-							<x>3197</x>
+							<x>3132</x>
 							<y>1072</y>
 						</Point>
 					</Points>
@@ -49415,15 +49790,15 @@
 					<WorkSpaceShape2>
 						<Id>{07671D5F-C98D-435D-9506-BEDB90120E11}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>986</NamePositionX>
+					<NamePositionX>953</NamePositionX>
 					<NamePositionY>1728</NamePositionY>
 					<Points>
 						<Point>
-							<x>759</x>
+							<x>694</x>
 							<y>1757</y>
 						</Point>
 						<Point>
-							<x>759</x>
+							<x>694</x>
 							<y>1788</y>
 						</Point>
 						<Point>
@@ -49458,15 +49833,15 @@
 					<WorkSpaceShape2>
 						<Id>{0BB48FE5-A87A-4F1F-B88B-513139B22E52}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>3253</NamePositionX>
-					<NamePositionY>295</NamePositionY>
+					<NamePositionX>3212</NamePositionX>
+					<NamePositionY>296</NamePositionY>
 					<Points>
 						<Point>
-							<x>3060</x>
+							<x>2979</x>
 							<y>302</y>
 						</Point>
 						<Point>
-							<x>3091</x>
+							<x>3010</x>
 							<y>302</y>
 						</Point>
 						<Point>
@@ -49501,23 +49876,23 @@
 					<WorkSpaceShape2>
 						<Id>{7D6EADAC-ACC7-41FB-AD70-288F9DA9408A}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>3865</NamePositionX>
-					<NamePositionY>421</NamePositionY>
+					<NamePositionX>3828</NamePositionX>
+					<NamePositionY>422</NamePositionY>
 					<Points>
 						<Point>
-							<x>3946</x>
+							<x>3910</x>
 							<y>391</y>
 						</Point>
 						<Point>
-							<x>3946</x>
+							<x>3910</x>
 							<y>422</y>
 						</Point>
 						<Point>
-							<x>3984</x>
+							<x>3945</x>
 							<y>541</y>
 						</Point>
 						<Point>
-							<x>3984</x>
+							<x>3945</x>
 							<y>572</y>
 						</Point>
 					</Points>
@@ -49544,23 +49919,23 @@
 					<WorkSpaceShape2>
 						<Id>{2E63F586-6E92-4A06-AD1E-51C537E2A27C}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1633</NamePositionX>
+					<NamePositionX>1602</NamePositionX>
 					<NamePositionY>2124</NamePositionY>
 					<Points>
 						<Point>
-							<x>1680</x>
+							<x>1640</x>
 							<y>2078</y>
 						</Point>
 						<Point>
-							<x>1680</x>
+							<x>1640</x>
 							<y>2109</y>
 						</Point>
 						<Point>
-							<x>1710</x>
+							<x>1688</x>
 							<y>2263</y>
 						</Point>
 						<Point>
-							<x>1710</x>
+							<x>1688</x>
 							<y>2294</y>
 						</Point>
 					</Points>
@@ -49587,15 +49962,15 @@
 					<WorkSpaceShape2>
 						<Id>{DEFD0E28-68FD-4DC3-B6E3-0991505F2906}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>947</NamePositionX>
-					<NamePositionY>413</NamePositionY>
+					<NamePositionX>923</NamePositionX>
+					<NamePositionY>412</NamePositionY>
 					<Points>
 						<Point>
-							<x>628</x>
+							<x>579</x>
 							<y>504</y>
 						</Point>
 						<Point>
-							<x>628</x>
+							<x>579</x>
 							<y>473</y>
 						</Point>
 						<Point>
@@ -49630,7 +50005,7 @@
 					<WorkSpaceShape2>
 						<Id>{DEFD0E28-68FD-4DC3-B6E3-0991505F2906}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>2059</NamePositionX>
+					<NamePositionX>2022</NamePositionX>
 					<NamePositionY>289</NamePositionY>
 					<Points>
 						<Point>
@@ -49642,11 +50017,11 @@
 							<y>302</y>
 						</Point>
 						<Point>
-							<x>1987</x>
+							<x>1914</x>
 							<y>294</y>
 						</Point>
 						<Point>
-							<x>1956</x>
+							<x>1883</x>
 							<y>294</y>
 						</Point>
 					</Points>
@@ -49673,15 +50048,15 @@
 					<WorkSpaceShape2>
 						<Id>{7D6EADAC-ACC7-41FB-AD70-288F9DA9408A}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>3259</NamePositionX>
+					<NamePositionX>3218</NamePositionX>
 					<NamePositionY>571</NamePositionY>
 					<Points>
 						<Point>
-							<x>3060</x>
+							<x>2979</x>
 							<y>563</y>
 						</Point>
 						<Point>
-							<x>3091</x>
+							<x>3010</x>
 							<y>563</y>
 						</Point>
 						<Point>
@@ -49716,16 +50091,16 @@
 					<WorkSpaceShape2>
 						<Id>{CC7A2197-755A-49A6-947B-6A68FE8EB9C0}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>2992</NamePositionX>
-					<NamePositionY>1373</NamePositionY>
+					<NamePositionX>3043</NamePositionX>
+					<NamePositionY>1357</NamePositionY>
 					<Points>
 						<Point>
-							<x>2163</x>
-							<y>1459</y>
+							<x>2265</x>
+							<y>1426</y>
 						</Point>
 						<Point>
-							<x>2194</x>
-							<y>1459</y>
+							<x>2296</x>
+							<y>1426</y>
 						</Point>
 						<Point>
 							<x>3743</x>
@@ -49759,16 +50134,16 @@
 					<WorkSpaceShape2>
 						<Id>{B254C47C-8FD9-4829-8B6B-05F38658BEBF}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>2436</NamePositionX>
-					<NamePositionY>1272</NamePositionY>
+					<NamePositionX>2487</NamePositionX>
+					<NamePositionY>1256</NamePositionY>
 					<Points>
 						<Point>
-							<x>2163</x>
-							<y>1367</y>
+							<x>2265</x>
+							<y>1334</y>
 						</Point>
 						<Point>
-							<x>2194</x>
-							<y>1367</y>
+							<x>2296</x>
+							<y>1334</y>
 						</Point>
 						<Point>
 							<x>2615</x>
@@ -49802,16 +50177,16 @@
 					<WorkSpaceShape2>
 						<Id>{07671D5F-C98D-435D-9506-BEDB90120E11}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1033</NamePositionX>
-					<NamePositionY>2220</NamePositionY>
+					<NamePositionX>990</NamePositionX>
+					<NamePositionY>2229</NamePositionY>
 					<Points>
 						<Point>
-							<x>878</x>
-							<y>2595</y>
+							<x>792</x>
+							<y>2614</y>
 						</Point>
 						<Point>
-							<x>909</x>
-							<y>2595</y>
+							<x>823</x>
+							<y>2614</y>
 						</Point>
 						<Point>
 							<x>1323</x>
@@ -49845,8 +50220,8 @@
 					<WorkSpaceShape2>
 						<Id>{0E039648-FB60-4F00-A2CE-5C69D65AFCCF}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>2069</NamePositionX>
-					<NamePositionY>579</NamePositionY>
+					<NamePositionX>2220</NamePositionX>
+					<NamePositionY>548</NamePositionY>
 					<Points>
 						<Point>
 							<x>2361</x>
@@ -49857,12 +50232,141 @@
 							<y>563</y>
 						</Point>
 						<Point>
-							<x>1991</x>
-							<y>758</y>
+							<x>2295</x>
+							<y>696</y>
 						</Point>
 						<Point>
-							<x>1960</x>
-							<y>758</y>
+							<x>2264</x>
+							<y>696</y>
+						</Point>
+					</Points>
+				</WorkSpaceLinePERRelationPG83>
+				<WorkSpaceLinePERRelationPG83 ObjectType="2504" CSAOName="WorkSpaceLinePERRelationPG83">
+					<Id>{DF5C5390-D8DC-4E79-9925-FE466743954E}</Id>
+					<Name>fk_studiengang_ablauf_vorgaben</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{CFCCA0A4-A5B9-4ED4-B681-9C181F24A4C9}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<ParentBaseID>{6BD0CCF6-C25C-4F65-BB8C-2E6FC3D60A65}</ParentBaseID>
+					<PenWidth>1</PenWidth>
+					<PenColor>0</PenColor>
+					<BrushColor>15780518</BrushColor>
+					<FontCharset>238</FontCharset>
+					<FontColor>0</FontColor>
+					<FontName>Arial</FontName>
+					<FontStyle>0</FontStyle>
+					<FormatLocked>0</FormatLocked>
+					<FontHeight>-28</FontHeight>
+					<WorkSpaceShape1>
+						<Id>{215E2A65-9DA8-471A-832E-7CE6C8DE8250}</Id>
+					</WorkSpaceShape1>
+					<WorkSpaceShape2>
+						<Id>{3E4EDBFE-CF61-4F42-8959-6AF73802CF17}</Id>
+					</WorkSpaceShape2>
+					<NamePositionX>916</NamePositionX>
+					<NamePositionY>951</NamePositionY>
+					<Points>
+						<Point>
+							<x>924</x>
+							<y>1130</y>
+						</Point>
+						<Point>
+							<x>955</x>
+							<y>1130</y>
+						</Point>
+						<Point>
+							<x>1077</x>
+							<y>892</y>
+						</Point>
+						<Point>
+							<x>1108</x>
+							<y>892</y>
+						</Point>
+					</Points>
+				</WorkSpaceLinePERRelationPG83>
+				<WorkSpaceLinePERRelationPG83 ObjectType="2504" CSAOName="WorkSpaceLinePERRelationPG83">
+					<Id>{ECA5A30A-2058-4CCF-B3FA-98CB7EA1D080}</Id>
+					<Name>fk_sprache_ablauf_vorgaben</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{BB0BAE31-B790-4329-8190-D7E2486576B5}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<ParentBaseID>{7287139E-D56F-49A7-B66D-8BE7E5E4ED17}</ParentBaseID>
+					<PenWidth>1</PenWidth>
+					<PenColor>0</PenColor>
+					<BrushColor>15780518</BrushColor>
+					<FontCharset>238</FontCharset>
+					<FontColor>0</FontColor>
+					<FontName>Arial</FontName>
+					<FontStyle>0</FontStyle>
+					<FormatLocked>0</FormatLocked>
+					<FontHeight>-28</FontHeight>
+					<WorkSpaceShape1>
+						<Id>{E5BE6B66-523F-4404-AA6A-FA2535CC21B7}</Id>
+					</WorkSpaceShape1>
+					<WorkSpaceShape2>
+						<Id>{3E4EDBFE-CF61-4F42-8959-6AF73802CF17}</Id>
+					</WorkSpaceShape2>
+					<NamePositionX>1468</NamePositionX>
+					<NamePositionY>1190</NamePositionY>
+					<Points>
+						<Point>
+							<x>1691</x>
+							<y>1380</y>
+						</Point>
+						<Point>
+							<x>1660</x>
+							<y>1380</y>
+						</Point>
+						<Point>
+							<x>1475</x>
+							<y>1121</y>
+						</Point>
+						<Point>
+							<x>1475</x>
+							<y>1090</y>
+						</Point>
+					</Points>
+				</WorkSpaceLinePERRelationPG83>
+				<WorkSpaceLinePERRelationPG83 ObjectType="2504" CSAOName="WorkSpaceLinePERRelationPG83">
+					<Id>{66CA4223-3788-4982-AAB6-EBF66089639D}</Id>
+					<Name>fk_content_ablauf_vorgabe</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{0CD9C3CD-C415-4876-8E67-5D0DCBACC3BE}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<ParentBaseID>{FDF638AA-C04C-4007-A228-AB975C067734}</ParentBaseID>
+					<PenWidth>1</PenWidth>
+					<PenColor>0</PenColor>
+					<BrushColor>15780518</BrushColor>
+					<FontCharset>238</FontCharset>
+					<FontColor>0</FontColor>
+					<FontName>Arial</FontName>
+					<FontStyle>0</FontStyle>
+					<FormatLocked>0</FormatLocked>
+					<FontHeight>-28</FontHeight>
+					<WorkSpaceShape1>
+						<Id>{783FB22A-5EE5-4299-9249-937EC0DFD2B8}</Id>
+					</WorkSpaceShape1>
+					<WorkSpaceShape2>
+						<Id>{3E4EDBFE-CF61-4F42-8959-6AF73802CF17}</Id>
+					</WorkSpaceShape2>
+					<NamePositionX>1167</NamePositionX>
+					<NamePositionY>1101</NamePositionY>
+					<Points>
+						<Point>
+							<x>1243</x>
+							<y>1232</y>
+						</Point>
+						<Point>
+							<x>1243</x>
+							<y>1201</y>
+						</Point>
+						<Point>
+							<x>1292</x>
+							<y>1121</y>
+						</Point>
+						<Point>
+							<x>1292</x>
+							<y>1090</y>
 						</Point>
 					</Points>
 				</WorkSpaceLinePERRelationPG83>
@@ -54742,7 +55246,7 @@
 					<Top>779</Top>
 					<Left>54</Left>
 					<z>0</z>
-					<Width>663</Width>
+					<Width>565</Width>
 					<Height>434</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -54783,7 +55287,7 @@
 					<Top>519</Top>
 					<Left>57</Left>
 					<z>0</z>
-					<Width>611</Width>
+					<Width>532</Width>
 					<Height>200</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -54818,7 +55322,7 @@
 					<Top>32</Top>
 					<Left>49</Left>
 					<z>0</z>
-					<Width>438</Width>
+					<Width>390</Width>
 					<Height>288</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -54874,7 +55378,7 @@
 					<Top>36</Top>
 					<Left>774</Left>
 					<z>0</z>
-					<Width>768</Width>
+					<Width>670</Width>
 					<Height>395</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -54912,7 +55416,7 @@
 					<Top>817</Top>
 					<Left>1162</Left>
 					<z>0</z>
-					<Width>587</Width>
+					<Width>515</Width>
 					<Height>590</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -54952,7 +55456,7 @@
 					<Top>1229</Top>
 					<Left>56</Left>
 					<z>0</z>
-					<Width>599</Width>
+					<Width>527</Width>
 					<Height>629</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -54993,7 +55497,7 @@
 					<Top>36</Top>
 					<Left>2167</Left>
 					<z>0</z>
-					<Width>576</Width>
+					<Width>509</Width>
 					<Height>473</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -55030,7 +55534,7 @@
 					<Top>509</Top>
 					<Left>1130</Left>
 					<z>0</z>
-					<Width>635</Width>
+					<Width>557</Width>
 					<Height>200</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -55110,7 +55614,7 @@
 					<Top>1640</Top>
 					<Left>2079</Left>
 					<z>0</z>
-					<Width>620</Width>
+					<Width>540</Width>
 					<Height>200</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -55147,7 +55651,7 @@
 					<Top>1226</Top>
 					<Left>2170</Left>
 					<z>0</z>
-					<Width>699</Width>
+					<Width>611</Width>
 					<Height>200</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -55184,7 +55688,7 @@
 					<Top>2031</Top>
 					<Left>101</Left>
 					<z>0</z>
-					<Width>601</Width>
+					<Width>535</Width>
 					<Height>473</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -55222,7 +55726,7 @@
 					<Top>1691</Top>
 					<Left>1224</Left>
 					<z>0</z>
-					<Width>645</Width>
+					<Width>565</Width>
 					<Height>317</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -55261,7 +55765,7 @@
 					<Top>2033</Top>
 					<Left>1851</Left>
 					<z>0</z>
-					<Width>636</Width>
+					<Width>557</Width>
 					<Height>239</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -55298,7 +55802,7 @@
 					<Top>2103</Top>
 					<Left>1041</Left>
 					<z>0</z>
-					<Width>622</Width>
+					<Width>545</Width>
 					<Height>395</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -55378,7 +55882,7 @@
 					<WorkSpaceShape2>
 						<Id>{B1C46B1E-06F2-48E1-90D2-26DA151A11B9}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>465</NamePositionX>
+					<NamePositionX>439</NamePositionX>
 					<NamePositionY>431</NamePositionY>
 					<Points>
 						<Point>
@@ -55390,11 +55894,11 @@
 							<y>234</y>
 						</Point>
 						<Point>
-							<x>386</x>
+							<x>336</x>
 							<y>748</y>
 						</Point>
 						<Point>
-							<x>386</x>
+							<x>336</x>
 							<y>779</y>
 						</Point>
 					</Points>
@@ -55421,15 +55925,15 @@
 					<WorkSpaceShape2>
 						<Id>{0E058C3F-E002-4DE4-A099-651D67DDCBEC}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>707</NamePositionX>
+					<NamePositionX>658</NamePositionX>
 					<NamePositionY>1075</NamePositionY>
 					<Points>
 						<Point>
-							<x>717</x>
+							<x>619</x>
 							<y>996</y>
 						</Point>
 						<Point>
-							<x>748</x>
+							<x>650</x>
 							<y>996</y>
 						</Point>
 						<Point>
@@ -55464,7 +55968,7 @@
 					<WorkSpaceShape2>
 						<Id>{6704B70E-0AB9-410E-AEDB-795DE7375F92}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>848</NamePositionX>
+					<NamePositionX>812</NamePositionX>
 					<NamePositionY>1466</NamePositionY>
 					<Points>
 						<Point>
@@ -55476,11 +55980,11 @@
 							<y>1210</y>
 						</Point>
 						<Point>
-							<x>686</x>
+							<x>614</x>
 							<y>1648</y>
 						</Point>
 						<Point>
-							<x>655</x>
+							<x>583</x>
 							<y>1648</y>
 						</Point>
 					</Points>
@@ -55507,23 +56011,23 @@
 					<WorkSpaceShape2>
 						<Id>{69408933-7B12-47CF-A4BF-073FDC6F95DA}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1352</NamePositionX>
+					<NamePositionX>1314</NamePositionX>
 					<NamePositionY>703</NamePositionY>
 					<Points>
 						<Point>
-							<x>1456</x>
+							<x>1420</x>
 							<y>817</y>
 						</Point>
 						<Point>
-							<x>1456</x>
+							<x>1420</x>
 							<y>786</y>
 						</Point>
 						<Point>
-							<x>1448</x>
+							<x>1408</x>
 							<y>740</y>
 						</Point>
 						<Point>
-							<x>1448</x>
+							<x>1408</x>
 							<y>709</y>
 						</Point>
 					</Points>
@@ -55550,15 +56054,15 @@
 					<WorkSpaceShape2>
 						<Id>{69408933-7B12-47CF-A4BF-073FDC6F95DA}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>824</NamePositionX>
-					<NamePositionY>688</NamePositionY>
+					<NamePositionX>774</NamePositionX>
+					<NamePositionY>689</NamePositionY>
 					<Points>
 						<Point>
-							<x>717</x>
+							<x>619</x>
 							<y>888</y>
 						</Point>
 						<Point>
-							<x>748</x>
+							<x>650</x>
 							<y>888</y>
 						</Point>
 						<Point>
@@ -55593,15 +56097,15 @@
 					<WorkSpaceShape2>
 						<Id>{E6427BDD-A77F-4E16-A144-F35F71C9AA8B}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1774</NamePositionX>
+					<NamePositionX>1725</NamePositionX>
 					<NamePositionY>460</NamePositionY>
 					<Points>
 						<Point>
-							<x>1542</x>
+							<x>1444</x>
 							<y>234</y>
 						</Point>
 						<Point>
-							<x>1573</x>
+							<x>1475</x>
 							<y>234</y>
 						</Point>
 						<Point>
@@ -55636,15 +56140,15 @@
 					<WorkSpaceShape2>
 						<Id>{E6427BDD-A77F-4E16-A144-F35F71C9AA8B}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>2662</NamePositionX>
+					<NamePositionX>2622</NamePositionX>
 					<NamePositionY>1308</NamePositionY>
 					<Points>
 						<Point>
-							<x>2699</x>
+							<x>2619</x>
 							<y>1740</y>
 						</Point>
 						<Point>
-							<x>2730</x>
+							<x>2650</x>
 							<y>1740</y>
 						</Point>
 						<Point>
@@ -55679,15 +56183,15 @@
 					<WorkSpaceShape2>
 						<Id>{E6427BDD-A77F-4E16-A144-F35F71C9AA8B}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>2410</NamePositionX>
+					<NamePositionX>2388</NamePositionX>
 					<NamePositionY>1035</NamePositionY>
 					<Points>
 						<Point>
-							<x>2520</x>
+							<x>2476</x>
 							<y>1226</y>
 						</Point>
 						<Point>
-							<x>2520</x>
+							<x>2476</x>
 							<y>1195</y>
 						</Point>
 						<Point>
@@ -55722,7 +56226,7 @@
 					<WorkSpaceShape2>
 						<Id>{527878F2-D8C7-4BD1-AEA5-433A2A93E154}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>2452</NamePositionX>
+					<NamePositionX>2435</NamePositionX>
 					<NamePositionY>562</NamePositionY>
 					<Points>
 						<Point>
@@ -55734,11 +56238,11 @@
 							<y>703</y>
 						</Point>
 						<Point>
-							<x>2455</x>
+							<x>2422</x>
 							<y>540</y>
 						</Point>
 						<Point>
-							<x>2455</x>
+							<x>2422</x>
 							<y>509</y>
 						</Point>
 					</Points>
@@ -55765,7 +56269,7 @@
 					<WorkSpaceShape2>
 						<Id>{69408933-7B12-47CF-A4BF-073FDC6F95DA}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1885</NamePositionX>
+					<NamePositionX>1847</NamePositionX>
 					<NamePositionY>688</NamePositionY>
 					<Points>
 						<Point>
@@ -55777,11 +56281,11 @@
 							<y>887</y>
 						</Point>
 						<Point>
-							<x>1796</x>
+							<x>1718</x>
 							<y>609</y>
 						</Point>
 						<Point>
-							<x>1765</x>
+							<x>1687</x>
 							<y>609</y>
 						</Point>
 					</Points>
@@ -55808,35 +56312,35 @@
 					<WorkSpaceShape2>
 						<Id>{6704B70E-0AB9-410E-AEDB-795DE7375F92}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>842</NamePositionX>
-					<NamePositionY>1937</NamePositionY>
+					<NamePositionX>785</NamePositionX>
+					<NamePositionY>1947</NamePositionY>
 					<Points>
 						<Point>
-							<x>655</x>
+							<x>583</x>
 							<y>1439</y>
 						</Point>
 						<Point>
-							<x>686</x>
+							<x>614</x>
 							<y>1439</y>
 						</Point>
 						<Point>
-							<x>686</x>
+							<x>614</x>
 							<y>1439</y>
 						</Point>
 						<Point>
-							<x>686</x>
+							<x>614</x>
 							<y>1889</y>
 						</Point>
 						<Point>
-							<x>206</x>
+							<x>188</x>
 							<y>1889</y>
 						</Point>
 						<Point>
-							<x>206</x>
+							<x>188</x>
 							<y>1889</y>
 						</Point>
 						<Point>
-							<x>206</x>
+							<x>188</x>
 							<y>1858</y>
 						</Point>
 					</Points>
@@ -55863,15 +56367,15 @@
 					<WorkSpaceShape2>
 						<Id>{05D38B22-230A-490A-AE08-48BD19868B8F}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>870</NamePositionX>
+					<NamePositionX>822</NamePositionX>
 					<NamePositionY>1390</NamePositionY>
 					<Points>
 						<Point>
-							<x>717</x>
+							<x>619</x>
 							<y>1104</y>
 						</Point>
 						<Point>
-							<x>748</x>
+							<x>650</x>
 							<y>1104</y>
 						</Point>
 						<Point>
@@ -55906,23 +56410,23 @@
 					<WorkSpaceShape2>
 						<Id>{05D38B22-230A-490A-AE08-48BD19868B8F}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1401</NamePositionX>
+					<NamePositionX>1363</NamePositionX>
 					<NamePositionY>1489</NamePositionY>
 					<Points>
 						<Point>
-							<x>1456</x>
+							<x>1420</x>
 							<y>1407</y>
 						</Point>
 						<Point>
-							<x>1456</x>
+							<x>1420</x>
 							<y>1438</y>
 						</Point>
 						<Point>
-							<x>1546</x>
+							<x>1506</x>
 							<y>1660</y>
 						</Point>
 						<Point>
-							<x>1546</x>
+							<x>1506</x>
 							<y>1691</y>
 						</Point>
 					</Points>
@@ -55949,15 +56453,15 @@
 					<WorkSpaceShape2>
 						<Id>{05D38B22-230A-490A-AE08-48BD19868B8F}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>866</NamePositionX>
+					<NamePositionX>833</NamePositionX>
 					<NamePositionY>1877</NamePositionY>
 					<Points>
 						<Point>
-							<x>702</x>
+							<x>636</x>
 							<y>2268</y>
 						</Point>
 						<Point>
-							<x>733</x>
+							<x>667</x>
 							<y>2268</y>
 						</Point>
 						<Point>
@@ -55992,23 +56496,23 @@
 					<WorkSpaceShape2>
 						<Id>{6704B70E-0AB9-410E-AEDB-795DE7375F92}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>279</NamePositionX>
-					<NamePositionY>1884</NamePositionY>
+					<NamePositionX>244</NamePositionX>
+					<NamePositionY>1885</NamePositionY>
 					<Points>
 						<Point>
-							<x>402</x>
+							<x>368</x>
 							<y>2031</y>
 						</Point>
 						<Point>
-							<x>402</x>
+							<x>368</x>
 							<y>2000</y>
 						</Point>
 						<Point>
-							<x>356</x>
+							<x>320</x>
 							<y>1889</y>
 						</Point>
 						<Point>
-							<x>356</x>
+							<x>320</x>
 							<y>1858</y>
 						</Point>
 					</Points>
@@ -56035,7 +56539,7 @@
 					<WorkSpaceShape2>
 						<Id>{81913E61-CE59-4B8A-9F8B-BBB2F49A6139}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1657</NamePositionX>
+					<NamePositionX>1619</NamePositionX>
 					<NamePositionY>2167</NamePositionY>
 					<Points>
 						<Point>
@@ -56047,11 +56551,11 @@
 							<y>2152</y>
 						</Point>
 						<Point>
-							<x>1694</x>
+							<x>1617</x>
 							<y>2300</y>
 						</Point>
 						<Point>
-							<x>1663</x>
+							<x>1586</x>
 							<y>2300</y>
 						</Point>
 					</Points>
@@ -56078,8 +56582,8 @@
 					<WorkSpaceShape2>
 						<Id>{6704B70E-0AB9-410E-AEDB-795DE7375F92}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>658</NamePositionX>
-					<NamePositionY>2035</NamePositionY>
+					<NamePositionX>630</NamePositionX>
+					<NamePositionY>2034</NamePositionY>
 					<Points>
 						<Point>
 							<x>1041</x>
@@ -56090,11 +56594,11 @@
 							<y>2300</y>
 						</Point>
 						<Point>
-							<x>505</x>
+							<x>451</x>
 							<y>1889</y>
 						</Point>
 						<Point>
-							<x>505</x>
+							<x>451</x>
 							<y>1858</y>
 						</Point>
 					</Points>
@@ -56121,8 +56625,8 @@
 					<WorkSpaceShape2>
 						<Id>{B1C46B1E-06F2-48E1-90D2-26DA151A11B9}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>497</NamePositionX>
-					<NamePositionY>1331</NamePositionY>
+					<NamePositionX>473</NamePositionX>
+					<NamePositionY>1332</NamePositionY>
 					<Points>
 						<Point>
 							<x>840</x>
@@ -56133,11 +56637,11 @@
 							<y>1539</y>
 						</Point>
 						<Point>
-							<x>386</x>
+							<x>336</x>
 							<y>1244</y>
 						</Point>
 						<Point>
-							<x>386</x>
+							<x>336</x>
 							<y>1213</y>
 						</Point>
 					</Points>
@@ -56309,6 +56813,7 @@
 						<Id>{BABA7152-7013-4B27-8327-CE022E2A5297}</Id>
 						<Id>{3F70B3B5-44FA-4C8D-B707-79E3DB8CA863}</Id>
 						<Id>{72FAA735-FAC5-45AB-8411-5C528C10E18F}</Id>
+						<Id>{C270E12D-9806-4CAC-B48F-D78347079AD2}</Id>
 					</LineList>
 					<DisplayIndexes>1</DisplayIndexes>
 					<AlignInColumns>1</AlignInColumns>
@@ -56855,6 +57360,78 @@
 					<DisplayGraphicalKeys>1</DisplayGraphicalKeys>
 					<Gradient>1</Gradient>
 				</WorkSpaceShapePEREntityPG83>
+				<WorkSpaceShapePEREntityPG83 ObjectType="2502" CSAOName="WorkSpaceShapePEREntityPG83">
+					<Id>{F3E608D6-DF8C-48FB-B4D0-906D4E432395}</Id>
+					<Name>tbl_ablauf_vorgaben</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{9E125C9E-6F2E-4A14-9C68-855274F3E0F5}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<ParentBaseID>{E49A5437-5D94-428C-AC40-CE72A618CEE5}</ParentBaseID>
+					<PenWidth>1</PenWidth>
+					<PenColor>0</PenColor>
+					<BrushColor>15780518</BrushColor>
+					<FontCharset>238</FontCharset>
+					<FontColor>0</FontColor>
+					<FontName>Arial</FontName>
+					<FontStyle>0</FontStyle>
+					<FormatLocked>0</FormatLocked>
+					<FontHeight>-28</FontHeight>
+					<Top>1046</Top>
+					<Left>1176</Left>
+					<z>0</z>
+					<Width>551</Width>
+					<Height>395</Height>
+					<dz>0</dz>
+					<RecalculateSizes>1</RecalculateSizes>
+					<UseWorkSpaceRecalculateSizes>1</UseWorkSpaceRecalculateSizes>
+					<Shadow>1</Shadow>
+					<FullBackground>0</FullBackground>
+					<LineList/>
+					<DisplayIndexes>1</DisplayIndexes>
+					<AlignInColumns>1</AlignInColumns>
+					<DisplayMode>5</DisplayMode>
+					<DisplayTypes>1</DisplayTypes>
+					<DisplayDictTypesAsDataTypes>0</DisplayDictTypesAsDataTypes>
+					<DisplayGraphicalKeys>1</DisplayGraphicalKeys>
+					<Gradient>1</Gradient>
+				</WorkSpaceShapePEREntityPG83>
+				<WorkSpaceShapePEREntityPG83 ObjectType="2502" CSAOName="WorkSpaceShapePEREntityPG83">
+					<Id>{068AF6B2-C30B-4715-B7BA-DD9EEC267023}</Id>
+					<Name>tbl_casetime_zeitaufzeichnung</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{4461C9A8-B5D4-47C7-BC21-C537656DF93E}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<ParentBaseID>{8C5D4472-9F64-4D25-90D1-26664F9B6911}</ParentBaseID>
+					<PenWidth>1</PenWidth>
+					<PenColor>0</PenColor>
+					<BrushColor>15780518</BrushColor>
+					<FontCharset>238</FontCharset>
+					<FontColor>0</FontColor>
+					<FontName>Arial</FontName>
+					<FontStyle>0</FontStyle>
+					<FormatLocked>0</FormatLocked>
+					<FontHeight>-28</FontHeight>
+					<Top>983</Top>
+					<Left>628</Left>
+					<z>0</z>
+					<Width>652</Width>
+					<Height>473</Height>
+					<dz>0</dz>
+					<RecalculateSizes>1</RecalculateSizes>
+					<UseWorkSpaceRecalculateSizes>1</UseWorkSpaceRecalculateSizes>
+					<Shadow>1</Shadow>
+					<FullBackground>0</FullBackground>
+					<LineList>
+						<Id>{C270E12D-9806-4CAC-B48F-D78347079AD2}</Id>
+					</LineList>
+					<DisplayIndexes>1</DisplayIndexes>
+					<AlignInColumns>1</AlignInColumns>
+					<DisplayMode>5</DisplayMode>
+					<DisplayTypes>1</DisplayTypes>
+					<DisplayDictTypesAsDataTypes>0</DisplayDictTypesAsDataTypes>
+					<DisplayGraphicalKeys>1</DisplayGraphicalKeys>
+					<Gradient>1</Gradient>
+				</WorkSpaceShapePEREntityPG83>
 			</ShapeList>
 			<LineList>
 				<WorkSpaceLinePERRelationPG83 ObjectType="2504" CSAOName="WorkSpaceLinePERRelationPG83">
@@ -56923,15 +57500,15 @@
 						<Id>{6796A1AC-54A7-4EF0-8B39-1A30C6393C40}</Id>
 					</WorkSpaceShape2>
 					<NamePositionX>1769</NamePositionX>
-					<NamePositionY>295</NamePositionY>
+					<NamePositionY>270</NamePositionY>
 					<Points>
 						<Point>
 							<x>2404</x>
-							<y>335</y>
+							<y>284</y>
 						</Point>
 						<Point>
 							<x>2373</x>
-							<y>335</y>
+							<y>284</y>
 						</Point>
 						<Point>
 							<x>1552</x>
@@ -56966,15 +57543,15 @@
 						<Id>{6796A1AC-54A7-4EF0-8B39-1A30C6393C40}</Id>
 					</WorkSpaceShape2>
 					<NamePositionX>1756</NamePositionX>
-					<NamePositionY>119</NamePositionY>
+					<NamePositionY>106</NamePositionY>
 					<Points>
 						<Point>
 							<x>2404</x>
-							<y>207</y>
+							<y>181</y>
 						</Point>
 						<Point>
 							<x>2373</x>
-							<y>207</y>
+							<y>181</y>
 						</Point>
 						<Point>
 							<x>1552</x>
@@ -57009,15 +57586,15 @@
 						<Id>{CCD12E07-139E-4901-BAFD-9ADFDE1519B5}</Id>
 					</WorkSpaceShape2>
 					<NamePositionX>1944</NamePositionX>
-					<NamePositionY>653</NamePositionY>
+					<NamePositionY>665</NamePositionY>
 					<Points>
 						<Point>
 							<x>2404</x>
-							<y>463</y>
+							<y>489</y>
 						</Point>
 						<Point>
 							<x>2373</x>
-							<y>463</y>
+							<y>489</y>
 						</Point>
 						<Point>
 							<x>1715</x>
@@ -57459,6 +58036,49 @@
 						</Point>
 					</Points>
 				</WorkSpaceLinePERRelationPG83>
+				<WorkSpaceLinePERRelationPG83 ObjectType="2504" CSAOName="WorkSpaceLinePERRelationPG83">
+					<Id>{C270E12D-9806-4CAC-B48F-D78347079AD2}</Id>
+					<Name>fk_benutzer_casetime_zeitaufzeichnung</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{D223B540-7775-4175-ABC1-7A61ABF65C5D}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<ParentBaseID>{D5D8FED0-6E7D-4EA7-9AF6-61B1E68B1039}</ParentBaseID>
+					<PenWidth>1</PenWidth>
+					<PenColor>0</PenColor>
+					<BrushColor>15780518</BrushColor>
+					<FontCharset>238</FontCharset>
+					<FontColor>0</FontColor>
+					<FontName>Arial</FontName>
+					<FontStyle>0</FontStyle>
+					<FormatLocked>0</FormatLocked>
+					<FontHeight>-28</FontHeight>
+					<WorkSpaceShape1>
+						<Id>{950941FE-7219-4043-82FD-8E6AE76BD8A7}</Id>
+					</WorkSpaceShape1>
+					<WorkSpaceShape2>
+						<Id>{068AF6B2-C30B-4715-B7BA-DD9EEC267023}</Id>
+					</WorkSpaceShape2>
+					<NamePositionX>1742</NamePositionX>
+					<NamePositionY>743</NamePositionY>
+					<Points>
+						<Point>
+							<x>2404</x>
+							<y>386</y>
+						</Point>
+						<Point>
+							<x>2373</x>
+							<y>386</y>
+						</Point>
+						<Point>
+							<x>1311</x>
+							<y>1220</y>
+						</Point>
+						<Point>
+							<x>1280</x>
+							<y>1220</y>
+						</Point>
+					</Points>
+				</WorkSpaceLinePERRelationPG83>
 			</LineList>
 			<Page>
 				<WorkSpacePagePG83 ObjectType="1511" CSAOName="WorkSpacePagePG83">
@@ -57959,7 +58579,7 @@
 					<Top>441</Top>
 					<Left>15</Left>
 					<z>0</z>
-					<Width>717</Width>
+					<Width>625</Width>
 					<Height>1370</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -57996,7 +58616,7 @@
 					<Top>10</Top>
 					<Left>12</Left>
 					<z>0</z>
-					<Width>438</Width>
+					<Width>390</Width>
 					<Height>288</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -58093,7 +58713,7 @@
 					<Top>26</Top>
 					<Left>546</Left>
 					<z>0</z>
-					<Width>695</Width>
+					<Width>603</Width>
 					<Height>200</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -58133,7 +58753,7 @@
 					<Top>1547</Top>
 					<Left>1577</Left>
 					<z>0</z>
-					<Width>606</Width>
+					<Width>528</Width>
 					<Height>200</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -58207,7 +58827,7 @@
 					<Top>206</Top>
 					<Left>1697</Left>
 					<z>0</z>
-					<Width>693</Width>
+					<Width>599</Width>
 					<Height>200</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -58250,35 +58870,35 @@
 					<WorkSpaceShape2>
 						<Id>{12FF9CB2-43D7-46DA-860A-3FE0841712B8}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1095</NamePositionX>
-					<NamePositionY>257</NamePositionY>
+					<NamePositionX>1101</NamePositionX>
+					<NamePositionY>267</NamePositionY>
 					<Points>
 						<Point>
-							<x>1241</x>
+							<x>1149</x>
 							<y>76</y>
 						</Point>
 						<Point>
-							<x>1272</x>
+							<x>1180</x>
 							<y>76</y>
 						</Point>
 						<Point>
-							<x>1272</x>
+							<x>1180</x>
 							<y>76</y>
 						</Point>
 						<Point>
-							<x>1272</x>
+							<x>1180</x>
 							<y>257</y>
 						</Point>
 						<Point>
-							<x>894</x>
+							<x>848</x>
 							<y>257</y>
 						</Point>
 						<Point>
-							<x>894</x>
+							<x>848</x>
 							<y>257</y>
 						</Point>
 						<Point>
-							<x>894</x>
+							<x>848</x>
 							<y>226</y>
 						</Point>
 					</Points>
@@ -58305,15 +58925,15 @@
 					<WorkSpaceShape2>
 						<Id>{4A409D86-9F7F-48BB-9367-45DFF1D4AC44}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1320</NamePositionX>
+					<NamePositionX>1274</NamePositionX>
 					<NamePositionY>297</NamePositionY>
 					<Points>
 						<Point>
-							<x>1241</x>
+							<x>1149</x>
 							<y>176</y>
 						</Point>
 						<Point>
-							<x>1272</x>
+							<x>1180</x>
 							<y>176</y>
 						</Point>
 						<Point>
@@ -58348,15 +58968,15 @@
 					<WorkSpaceShape2>
 						<Id>{4A409D86-9F7F-48BB-9367-45DFF1D4AC44}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1790</NamePositionX>
+					<NamePositionX>1770</NamePositionX>
 					<NamePositionY>1314</NamePositionY>
 					<Points>
 						<Point>
-							<x>1880</x>
+							<x>1841</x>
 							<y>1547</y>
 						</Point>
 						<Point>
-							<x>1880</x>
+							<x>1841</x>
 							<y>1516</y>
 						</Point>
 						<Point>
@@ -58434,15 +59054,15 @@
 					<WorkSpaceShape2>
 						<Id>{4A409D86-9F7F-48BB-9367-45DFF1D4AC44}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>913</NamePositionX>
+					<NamePositionX>867</NamePositionX>
 					<NamePositionY>939</NamePositionY>
 					<Points>
 						<Point>
-							<x>732</x>
+							<x>640</x>
 							<y>1126</y>
 						</Point>
 						<Point>
-							<x>763</x>
+							<x>671</x>
 							<y>1126</y>
 						</Point>
 						<Point>
@@ -58477,15 +59097,15 @@
 					<WorkSpaceShape2>
 						<Id>{18FA9504-3A7F-4B25-843A-51762C59A489}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1346</NamePositionX>
+					<NamePositionX>1300</NamePositionX>
 					<NamePositionY>148</NamePositionY>
 					<Points>
 						<Point>
-							<x>1241</x>
+							<x>1149</x>
 							<y>126</y>
 						</Point>
 						<Point>
-							<x>1272</x>
+							<x>1180</x>
 							<y>126</y>
 						</Point>
 						<Point>
@@ -58520,15 +59140,15 @@
 					<WorkSpaceShape2>
 						<Id>{4A409D86-9F7F-48BB-9367-45DFF1D4AC44}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1872</NamePositionX>
+					<NamePositionX>1848</NamePositionX>
 					<NamePositionY>415</NamePositionY>
 					<Points>
 						<Point>
-							<x>2044</x>
+							<x>1996</x>
 							<y>406</y>
 						</Point>
 						<Point>
-							<x>2044</x>
+							<x>1996</x>
 							<y>437</y>
 						</Point>
 						<Point>
@@ -58615,7 +59235,7 @@
 					<Top>18</Top>
 					<Left>28</Left>
 					<z>0</z>
-					<Width>438</Width>
+					<Width>390</Width>
 					<Height>288</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -58671,7 +59291,7 @@
 					<Top>24</Top>
 					<Left>1511</Left>
 					<z>0</z>
-					<Width>807</Width>
+					<Width>712</Width>
 					<Height>629</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -58712,8 +59332,8 @@
 					<Top>1633</Top>
 					<Left>38</Left>
 					<z>0</z>
-					<Width>683</Width>
-					<Height>239</Height>
+					<Width>595</Width>
+					<Height>278</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
 					<UseWorkSpaceRecalculateSizes>1</UseWorkSpaceRecalculateSizes>
@@ -58753,7 +59373,7 @@
 					<Top>40</Top>
 					<Left>567</Left>
 					<z>0</z>
-					<Width>788</Width>
+					<Width>690</Width>
 					<Height>1253</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -58792,7 +59412,7 @@
 					<Top>5</Top>
 					<Left>2470</Left>
 					<z>0</z>
-					<Width>704</Width>
+					<Width>613</Width>
 					<Height>629</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -58830,8 +59450,8 @@
 					<Top>701</Top>
 					<Left>1899</Left>
 					<z>0</z>
-					<Width>952</Width>
-					<Height>629</Height>
+					<Width>832</Width>
+					<Height>668</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
 					<UseWorkSpaceRecalculateSizes>1</UseWorkSpaceRecalculateSizes>
@@ -58953,7 +59573,7 @@
 					<Top>1165</Top>
 					<Left>2906</Left>
 					<z>0</z>
-					<Width>683</Width>
+					<Width>595</Width>
 					<Height>512</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -58992,7 +59612,7 @@
 					<Top>661</Top>
 					<Left>2969</Left>
 					<z>0</z>
-					<Width>775</Width>
+					<Width>677</Width>
 					<Height>473</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -59107,7 +59727,7 @@
 					<Top>1923</Top>
 					<Left>48</Left>
 					<z>0</z>
-					<Width>768</Width>
+					<Width>670</Width>
 					<Height>395</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -59181,7 +59801,7 @@
 					<Top>1305</Top>
 					<Left>951</Left>
 					<z>0</z>
-					<Width>731</Width>
+					<Width>641</Width>
 					<Height>200</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -59219,7 +59839,7 @@
 					<Top>1722</Top>
 					<Left>2836</Left>
 					<z>0</z>
-					<Width>667</Width>
+					<Width>585</Width>
 					<Height>902</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -59256,7 +59876,7 @@
 					<Top>1329</Top>
 					<Left>54</Left>
 					<z>0</z>
-					<Width>576</Width>
+					<Width>509</Width>
 					<Height>200</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -59293,7 +59913,7 @@
 					<Top>2332</Top>
 					<Left>80</Left>
 					<z>0</z>
-					<Width>683</Width>
+					<Width>595</Width>
 					<Height>317</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -59331,7 +59951,7 @@
 					<Top>2156</Top>
 					<Left>1002</Left>
 					<z>0</z>
-					<Width>567</Width>
+					<Width>501</Width>
 					<Height>512</Height>
 					<dz>0</dz>
 					<RecalculateSizes>1</RecalculateSizes>
@@ -59371,23 +59991,23 @@
 					<WorkSpaceShape2>
 						<Id>{D5915873-AA55-4FB0-9EAE-7236D558CCBB}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1148</NamePositionX>
-					<NamePositionY>1020</NamePositionY>
+					<NamePositionX>1092</NamePositionX>
+					<NamePositionY>1027</NamePositionY>
 					<Points>
 						<Point>
-							<x>721</x>
-							<y>1729</y>
+							<x>633</x>
+							<y>1744</y>
 						</Point>
 						<Point>
-							<x>752</x>
-							<y>1729</y>
+							<x>664</x>
+							<y>1744</y>
 						</Point>
 						<Point>
-							<x>1713</x>
+							<x>1689</x>
 							<y>684</y>
 						</Point>
 						<Point>
-							<x>1713</x>
+							<x>1689</x>
 							<y>653</y>
 						</Point>
 					</Points>
@@ -59414,23 +60034,23 @@
 					<WorkSpaceShape2>
 						<Id>{D5915873-AA55-4FB0-9EAE-7236D558CCBB}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1250</NamePositionX>
-					<NamePositionY>1042</NamePositionY>
+					<NamePositionX>1182</NamePositionX>
+					<NamePositionY>1054</NamePositionY>
 					<Points>
 						<Point>
-							<x>721</x>
-							<y>1776</y>
+							<x>633</x>
+							<y>1800</y>
 						</Point>
 						<Point>
-							<x>752</x>
-							<y>1776</y>
+							<x>664</x>
+							<y>1800</y>
 						</Point>
 						<Point>
-							<x>1914</x>
+							<x>1867</x>
 							<y>684</y>
 						</Point>
 						<Point>
-							<x>1914</x>
+							<x>1867</x>
 							<y>653</y>
 						</Point>
 					</Points>
@@ -59457,15 +60077,15 @@
 					<WorkSpaceShape2>
 						<Id>{D5915873-AA55-4FB0-9EAE-7236D558CCBB}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1333</NamePositionX>
+					<NamePositionX>1284</NamePositionX>
 					<NamePositionY>442</NamePositionY>
 					<Points>
 						<Point>
-							<x>1355</x>
+							<x>1257</x>
 							<y>666</y>
 						</Point>
 						<Point>
-							<x>1386</x>
+							<x>1288</x>
 							<y>666</y>
 						</Point>
 						<Point>
@@ -59500,15 +60120,15 @@
 					<WorkSpaceShape2>
 						<Id>{01F6CD74-BD1B-46B0-B6A1-154B3625A34C}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>2294</NamePositionX>
+					<NamePositionX>2246</NamePositionX>
 					<NamePositionY>214</NamePositionY>
 					<Points>
 						<Point>
-							<x>2318</x>
+							<x>2223</x>
 							<y>338</y>
 						</Point>
 						<Point>
-							<x>2349</x>
+							<x>2254</x>
 							<y>338</y>
 						</Point>
 						<Point>
@@ -59543,7 +60163,7 @@
 					<WorkSpaceShape2>
 						<Id>{D82FC4FC-DDAD-488C-907E-08576AD96294}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>2307</NamePositionX>
+					<NamePositionX>2277</NamePositionX>
 					<NamePositionY>466</NamePositionY>
 					<Points>
 						<Point>
@@ -59555,11 +60175,11 @@
 							<y>424</y>
 						</Point>
 						<Point>
-							<x>2375</x>
+							<x>2315</x>
 							<y>670</y>
 						</Point>
 						<Point>
-							<x>2375</x>
+							<x>2315</x>
 							<y>701</y>
 						</Point>
 					</Points>
@@ -59586,36 +60206,36 @@
 					<WorkSpaceShape2>
 						<Id>{D82FC4FC-DDAD-488C-907E-08576AD96294}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>3768</NamePositionX>
-					<NamePositionY>1324</NamePositionY>
+					<NamePositionX>3864</NamePositionX>
+					<NamePositionY>1373</NamePositionY>
 					<Points>
 						<Point>
-							<x>2851</x>
-							<y>1120</y>
+							<x>2731</x>
+							<y>1146</y>
 						</Point>
 						<Point>
-							<x>2882</x>
-							<y>1120</y>
+							<x>2762</x>
+							<y>1146</y>
 						</Point>
 						<Point>
-							<x>2882</x>
-							<y>1120</y>
+							<x>2762</x>
+							<y>1146</y>
 						</Point>
 						<Point>
-							<x>2882</x>
-							<y>1361</y>
+							<x>2762</x>
+							<y>1400</y>
 						</Point>
 						<Point>
-							<x>2212</x>
-							<y>1361</y>
+							<x>2450</x>
+							<y>1400</y>
 						</Point>
 						<Point>
-							<x>2216</x>
-							<y>1361</y>
+							<x>2454</x>
+							<y>1400</y>
 						</Point>
 						<Point>
-							<x>2216</x>
-							<y>1330</y>
+							<x>2454</x>
+							<y>1369</y>
 						</Point>
 					</Points>
 				</WorkSpaceLinePERRelationPG83>
@@ -59641,8 +60261,8 @@
 					<WorkSpaceShape2>
 						<Id>{D82FC4FC-DDAD-488C-907E-08576AD96294}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>2412</NamePositionX>
-					<NamePositionY>1278</NamePositionY>
+					<NamePositionX>2233</NamePositionX>
+					<NamePositionY>1297</NamePositionY>
 					<Points>
 						<Point>
 							<x>2490</x>
@@ -59653,12 +60273,12 @@
 							<y>1335</y>
 						</Point>
 						<Point>
-							<x>2534</x>
-							<y>1361</y>
+							<x>2176</x>
+							<y>1400</y>
 						</Point>
 						<Point>
-							<x>2534</x>
-							<y>1330</y>
+							<x>2176</x>
+							<y>1369</y>
 						</Point>
 					</Points>
 				</WorkSpaceLinePERRelationPG83>
@@ -59770,7 +60390,7 @@
 					<WorkSpaceShape2>
 						<Id>{7DD3FBD6-8AEC-43CA-8E72-02883BBE1F25}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>2974</NamePositionX>
+					<NamePositionX>2945</NamePositionX>
 					<NamePositionY>1816</NamePositionY>
 					<Points>
 						<Point>
@@ -59782,11 +60402,11 @@
 							<y>2066</y>
 						</Point>
 						<Point>
-							<x>3361</x>
+							<x>3303</x>
 							<y>1708</y>
 						</Point>
 						<Point>
-							<x>3361</x>
+							<x>3303</x>
 							<y>1677</y>
 						</Point>
 					</Points>
@@ -59813,16 +60433,16 @@
 					<WorkSpaceShape2>
 						<Id>{7DD3FBD6-8AEC-43CA-8E72-02883BBE1F25}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1653</NamePositionX>
-					<NamePositionY>1311</NamePositionY>
+					<NamePositionX>1609</NamePositionX>
+					<NamePositionY>1326</NamePositionY>
 					<Points>
 						<Point>
-							<x>721</x>
-							<y>1824</y>
+							<x>633</x>
+							<y>1855</y>
 						</Point>
 						<Point>
-							<x>752</x>
-							<y>1824</y>
+							<x>664</x>
+							<y>1855</y>
 						</Point>
 						<Point>
 							<x>2875</x>
@@ -59856,7 +60476,7 @@
 					<WorkSpaceShape2>
 						<Id>{D1ACE1AA-97D9-454E-BE39-720F9DF575E7}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>3360</NamePositionX>
+					<NamePositionX>3336</NamePositionX>
 					<NamePositionY>548</NamePositionY>
 					<Points>
 						<Point>
@@ -59868,11 +60488,11 @@
 							<y>626</y>
 						</Point>
 						<Point>
-							<x>3356</x>
+							<x>3308</x>
 							<y>630</y>
 						</Point>
 						<Point>
-							<x>3356</x>
+							<x>3308</x>
 							<y>661</y>
 						</Point>
 					</Points>
@@ -59899,35 +60519,35 @@
 					<WorkSpaceShape2>
 						<Id>{D1ACE1AA-97D9-454E-BE39-720F9DF575E7}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>4026</NamePositionX>
-					<NamePositionY>1180</NamePositionY>
+					<NamePositionX>4004</NamePositionX>
+					<NamePositionY>1190</NamePositionY>
 					<Points>
 						<Point>
-							<x>3744</x>
+							<x>3646</x>
 							<y>898</y>
 						</Point>
 						<Point>
-							<x>3775</x>
+							<x>3677</x>
 							<y>898</y>
 						</Point>
 						<Point>
-							<x>3783</x>
+							<x>3685</x>
 							<y>898</y>
 						</Point>
 						<Point>
-							<x>3783</x>
+							<x>3685</x>
 							<y>1165</y>
 						</Point>
 						<Point>
-							<x>3365</x>
+							<x>3317</x>
 							<y>1165</y>
 						</Point>
 						<Point>
-							<x>3356</x>
+							<x>3308</x>
 							<y>1165</y>
 						</Point>
 						<Point>
-							<x>3356</x>
+							<x>3308</x>
 							<y>1134</y>
 						</Point>
 					</Points>
@@ -60040,15 +60660,15 @@
 					<WorkSpaceShape2>
 						<Id>{EC357F68-C26A-41FB-93FB-4114A2D4001F}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1110</NamePositionX>
+					<NamePositionX>1061</NamePositionX>
 					<NamePositionY>2221</NamePositionY>
 					<Points>
 						<Point>
-							<x>816</x>
+							<x>718</x>
 							<y>2120</y>
 						</Point>
 						<Point>
-							<x>847</x>
+							<x>749</x>
 							<y>2120</y>
 						</Point>
 						<Point>
@@ -60126,16 +60746,16 @@
 					<WorkSpaceShape2>
 						<Id>{7B93B128-4D6B-49D8-A654-7C43C55BD3BB}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>753</NamePositionX>
-					<NamePositionY>1356</NamePositionY>
+					<NamePositionX>709</NamePositionX>
+					<NamePositionY>1360</NamePositionY>
 					<Points>
 						<Point>
-							<x>721</x>
-							<y>1681</y>
+							<x>633</x>
+							<y>1689</y>
 						</Point>
 						<Point>
-							<x>752</x>
-							<y>1681</y>
+							<x>664</x>
+							<y>1689</y>
 						</Point>
 						<Point>
 							<x>920</x>
@@ -60169,23 +60789,23 @@
 					<WorkSpaceShape2>
 						<Id>{7B93B128-4D6B-49D8-A654-7C43C55BD3BB}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1815</NamePositionX>
+					<NamePositionX>1735</NamePositionX>
 					<NamePositionY>963</NamePositionY>
 					<Points>
 						<Point>
-							<x>2116</x>
+							<x>2045</x>
 							<y>653</y>
 						</Point>
 						<Point>
-							<x>2116</x>
+							<x>2045</x>
 							<y>684</y>
 						</Point>
 						<Point>
-							<x>1713</x>
+							<x>1623</x>
 							<y>1405</y>
 						</Point>
 						<Point>
-							<x>1682</x>
+							<x>1592</x>
 							<y>1405</y>
 						</Point>
 					</Points>
@@ -60212,23 +60832,23 @@
 					<WorkSpaceShape2>
 						<Id>{7DD3FBD6-8AEC-43CA-8E72-02883BBE1F25}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>3052</NamePositionX>
+					<NamePositionX>3016</NamePositionX>
 					<NamePositionY>1629</NamePositionY>
 					<Points>
 						<Point>
-							<x>3170</x>
+							<x>3128</x>
 							<y>1722</y>
 						</Point>
 						<Point>
-							<x>3170</x>
+							<x>3128</x>
 							<y>1691</y>
 						</Point>
 						<Point>
-							<x>3134</x>
+							<x>3104</x>
 							<y>1708</y>
 						</Point>
 						<Point>
-							<x>3134</x>
+							<x>3104</x>
 							<y>1677</y>
 						</Point>
 					</Points>
@@ -60255,16 +60875,16 @@
 					<WorkSpaceShape2>
 						<Id>{D1ACE1AA-97D9-454E-BE39-720F9DF575E7}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>2810</NamePositionX>
-					<NamePositionY>805</NamePositionY>
+					<NamePositionX>2750</NamePositionX>
+					<NamePositionY>812</NamePositionY>
 					<Points>
 						<Point>
-							<x>2851</x>
-							<y>911</y>
+							<x>2731</x>
+							<y>924</y>
 						</Point>
 						<Point>
-							<x>2882</x>
-							<y>911</y>
+							<x>2762</x>
+							<y>924</y>
 						</Point>
 						<Point>
 							<x>2938</x>
@@ -60298,23 +60918,23 @@
 					<WorkSpaceShape2>
 						<Id>{31E28D6F-6572-44C1-8F5C-BD76876634A5}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>645</NamePositionX>
+					<NamePositionX>595</NamePositionX>
 					<NamePositionY>1317</NamePositionY>
 					<Points>
 						<Point>
-							<x>630</x>
+							<x>563</x>
 							<y>1429</y>
 						</Point>
 						<Point>
-							<x>661</x>
+							<x>594</x>
 							<y>1429</y>
 						</Point>
 						<Point>
-							<x>830</x>
+							<x>797</x>
 							<y>1324</y>
 						</Point>
 						<Point>
-							<x>830</x>
+							<x>797</x>
 							<y>1293</y>
 						</Point>
 					</Points>
@@ -60341,23 +60961,23 @@
 					<WorkSpaceShape2>
 						<Id>{3059631C-7D36-4060-BFE0-75D91D3BE869}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>714</NamePositionX>
+					<NamePositionX>652</NamePositionX>
 					<NamePositionY>1752</NamePositionY>
 					<Points>
 						<Point>
-							<x>1092</x>
+							<x>1027</x>
 							<y>1293</y>
 						</Point>
 						<Point>
-							<x>1092</x>
+							<x>1027</x>
 							<y>1324</y>
 						</Point>
 						<Point>
-							<x>535</x>
+							<x>477</x>
 							<y>2301</y>
 						</Point>
 						<Point>
-							<x>535</x>
+							<x>477</x>
 							<y>2332</y>
 						</Point>
 					</Points>
@@ -60384,23 +61004,23 @@
 					<WorkSpaceShape2>
 						<Id>{3059631C-7D36-4060-BFE0-75D91D3BE869}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>244</NamePositionX>
-					<NamePositionY>2042</NamePositionY>
+					<NamePositionX>207</NamePositionX>
+					<NamePositionY>2062</NamePositionY>
 					<Points>
 						<Point>
-							<x>380</x>
-							<y>1872</y>
+							<x>336</x>
+							<y>1911</y>
 						</Point>
 						<Point>
-							<x>380</x>
-							<y>1903</y>
+							<x>336</x>
+							<y>1942</y>
 						</Point>
 						<Point>
-							<x>308</x>
+							<x>278</x>
 							<y>2301</y>
 						</Point>
 						<Point>
-							<x>308</x>
+							<x>278</x>
 							<y>2332</y>
 						</Point>
 					</Points>
@@ -60589,8 +61209,8 @@
 					<FontStyle>0</FontStyle>
 					<FormatLocked>0</FormatLocked>
 					<FontHeight>-28</FontHeight>
-					<Top>456</Top>
-					<Left>979</Left>
+					<Top>29</Top>
+					<Left>675</Left>
 					<z>0</z>
 					<Width>557</Width>
 					<Height>434</Height>
@@ -60631,8 +61251,8 @@
 					<FontStyle>0</FontStyle>
 					<FormatLocked>0</FormatLocked>
 					<FontHeight>-28</FontHeight>
-					<Top>1247</Top>
-					<Left>811</Left>
+					<Top>618</Top>
+					<Left>676</Left>
 					<z>0</z>
 					<Width>557</Width>
 					<Height>200</Height>
@@ -60706,8 +61326,8 @@
 					<FontStyle>0</FontStyle>
 					<FormatLocked>0</FormatLocked>
 					<FontHeight>-28</FontHeight>
-					<Top>2243</Top>
-					<Left>1086</Left>
+					<Top>1830</Top>
+					<Left>917</Left>
 					<z>0</z>
 					<Width>609</Width>
 					<Height>707</Height>
@@ -60780,8 +61400,8 @@
 					<FontStyle>0</FontStyle>
 					<FormatLocked>0</FormatLocked>
 					<FontHeight>-28</FontHeight>
-					<Top>1429</Top>
-					<Left>1656</Left>
+					<Top>1221</Top>
+					<Left>1459</Left>
 					<z>0</z>
 					<Width>571</Width>
 					<Height>473</Height>
@@ -60896,8 +61516,8 @@
 					<FontStyle>0</FontStyle>
 					<FormatLocked>0</FormatLocked>
 					<FontHeight>-28</FontHeight>
-					<Top>1305</Top>
-					<Left>2429</Left>
+					<Top>1278</Top>
+					<Left>2337</Left>
 					<z>0</z>
 					<Width>571</Width>
 					<Height>200</Height>
@@ -61009,8 +61629,8 @@
 					<FontStyle>0</FontStyle>
 					<FormatLocked>0</FormatLocked>
 					<FontHeight>-28</FontHeight>
-					<Top>2012</Top>
-					<Left>1793</Left>
+					<Top>1774</Top>
+					<Left>1623</Left>
 					<z>0</z>
 					<Width>553</Width>
 					<Height>746</Height>
@@ -61072,8 +61692,8 @@
 					<FontStyle>0</FontStyle>
 					<FormatLocked>0</FormatLocked>
 					<FontHeight>-28</FontHeight>
-					<Top>1148</Top>
-					<Left>1673</Left>
+					<Top>892</Top>
+					<Left>1156</Left>
 					<z>0</z>
 					<Width>709</Width>
 					<Height>161</Height>
@@ -61109,8 +61729,8 @@
 					<FontStyle>0</FontStyle>
 					<FormatLocked>0</FormatLocked>
 					<FontHeight>-28</FontHeight>
-					<Top>961</Top>
-					<Left>852</Left>
+					<Top>475</Top>
+					<Left>1300</Left>
 					<z>0</z>
 					<Width>576</Width>
 					<Height>239</Height>
@@ -61148,8 +61768,8 @@
 					<FontStyle>0</FontStyle>
 					<FormatLocked>0</FormatLocked>
 					<FontHeight>-28</FontHeight>
-					<Top>1483</Top>
-					<Left>694</Left>
+					<Top>1143</Top>
+					<Left>702</Left>
 					<z>0</z>
 					<Width>607</Width>
 					<Height>629</Height>
@@ -61279,24 +61899,24 @@
 					<WorkSpaceShape2>
 						<Id>{4F082A2B-B9C4-41CC-9461-AFAA2B04156E}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1046</NamePositionX>
-					<NamePositionY>1008</NamePositionY>
+					<NamePositionX>834</NamePositionX>
+					<NamePositionY>481</NamePositionY>
 					<Points>
 						<Point>
-							<x>1090</x>
-							<y>1247</y>
+							<x>954</x>
+							<y>618</y>
 						</Point>
 						<Point>
-							<x>1090</x>
-							<y>1216</y>
+							<x>954</x>
+							<y>587</y>
 						</Point>
 						<Point>
-							<x>1202</x>
-							<y>921</y>
+							<x>914</x>
+							<y>494</y>
 						</Point>
 						<Point>
-							<x>1202</x>
-							<y>890</y>
+							<x>914</x>
+							<y>463</y>
 						</Point>
 					</Points>
 				</WorkSpaceLinePERRelationPG83>
@@ -61322,8 +61942,8 @@
 					<WorkSpaceShape2>
 						<Id>{4F082A2B-B9C4-41CC-9461-AFAA2B04156E}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>551</NamePositionX>
-					<NamePositionY>822</NamePositionY>
+					<NamePositionX>494</NamePositionX>
+					<NamePositionY>697</NamePositionY>
 					<Points>
 						<Point>
 							<x>354</x>
@@ -61334,12 +61954,12 @@
 							<y>1019</y>
 						</Point>
 						<Point>
-							<x>948</x>
-							<y>745</y>
+							<x>834</x>
+							<y>494</y>
 						</Point>
 						<Point>
-							<x>979</x>
-							<y>745</y>
+							<x>834</x>
+							<y>463</y>
 						</Point>
 					</Points>
 				</WorkSpaceLinePERRelationPG83>
@@ -61365,8 +61985,8 @@
 					<WorkSpaceShape2>
 						<Id>{AE07A161-6CC7-4A19-A377-935F9839DADB}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>2545</NamePositionX>
-					<NamePositionY>1201</NamePositionY>
+					<NamePositionX>2446</NamePositionX>
+					<NamePositionY>1038</NamePositionY>
 					<Points>
 						<Point>
 							<x>3063</x>
@@ -61377,12 +61997,12 @@
 							<y>857</y>
 						</Point>
 						<Point>
-							<x>2258</x>
-							<y>1666</y>
+							<x>2061</x>
+							<y>1339</y>
 						</Point>
 						<Point>
-							<x>2227</x>
-							<y>1666</y>
+							<x>2030</x>
+							<y>1339</y>
 						</Point>
 					</Points>
 				</WorkSpaceLinePERRelationPG83>
@@ -61408,24 +62028,24 @@
 					<WorkSpaceShape2>
 						<Id>{AE07A161-6CC7-4A19-A377-935F9839DADB}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>2600</NamePositionX>
-					<NamePositionY>1488</NamePositionY>
+					<NamePositionX>2501</NamePositionX>
+					<NamePositionY>1338</NamePositionY>
 					<Points>
 						<Point>
 							<x>3172</x>
-							<y>1312</y>
+							<y>1220</y>
 						</Point>
 						<Point>
 							<x>3141</x>
-							<y>1312</y>
+							<y>1220</y>
 						</Point>
 						<Point>
-							<x>2258</x>
-							<y>1784</y>
+							<x>2061</x>
+							<y>1576</y>
 						</Point>
 						<Point>
-							<x>2227</x>
-							<y>1784</y>
+							<x>2030</x>
+							<y>1576</y>
 						</Point>
 					</Points>
 				</WorkSpaceLinePERRelationPG83>
@@ -61451,24 +62071,24 @@
 					<WorkSpaceShape2>
 						<Id>{AE07A161-6CC7-4A19-A377-935F9839DADB}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>2228</NamePositionX>
-					<NamePositionY>1416</NamePositionY>
+					<NamePositionX>2084</NamePositionX>
+					<NamePositionY>1358</NamePositionY>
 					<Points>
 						<Point>
-							<x>2429</x>
-							<y>1405</y>
+							<x>2337</x>
+							<y>1378</y>
 						</Point>
 						<Point>
-							<x>2398</x>
-							<y>1405</y>
+							<x>2306</x>
+							<y>1378</y>
 						</Point>
 						<Point>
-							<x>2258</x>
-							<y>1547</y>
+							<x>2061</x>
+							<y>1458</y>
 						</Point>
 						<Point>
-							<x>2227</x>
-							<y>1547</y>
+							<x>2030</x>
+							<y>1458</y>
 						</Point>
 					</Points>
 				</WorkSpaceLinePERRelationPG83>
@@ -61666,16 +62286,16 @@
 					<WorkSpaceShape2>
 						<Id>{C6D5E47E-7659-4A57-ABE0-C6E6C317025E}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>693</NamePositionX>
-					<NamePositionY>571</NamePositionY>
+					<NamePositionX>596</NamePositionX>
+					<NamePositionY>518</NamePositionY>
 					<Points>
 						<Point>
-							<x>979</x>
-							<y>601</y>
+							<x>755</x>
+							<y>463</y>
 						</Point>
 						<Point>
-							<x>948</x>
-							<y>601</y>
+							<x>755</x>
+							<y>494</y>
 						</Point>
 						<Point>
 							<x>637</x>
@@ -61709,24 +62329,24 @@
 					<WorkSpaceShape2>
 						<Id>{C8016D6A-B783-41C7-8F8E-6126AD3C7E82}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1308</NamePositionX>
-					<NamePositionY>1506</NamePositionY>
+					<NamePositionX>1047</NamePositionX>
+					<NamePositionY>1086</NamePositionY>
 					<Points>
 						<Point>
-							<x>1425</x>
-							<y>890</y>
+							<x>1073</x>
+							<y>463</y>
 						</Point>
 						<Point>
-							<x>1425</x>
-							<y>921</y>
+							<x>1073</x>
+							<y>494</y>
 						</Point>
 						<Point>
-							<x>1390</x>
-							<y>2212</y>
+							<x>1222</x>
+							<y>1799</y>
 						</Point>
 						<Point>
-							<x>1390</x>
-							<y>2243</y>
+							<x>1222</x>
+							<y>1830</y>
 						</Point>
 					</Points>
 				</WorkSpaceLinePERRelationPG83>
@@ -61752,24 +62372,24 @@
 					<WorkSpaceShape2>
 						<Id>{92DECA91-4DE9-4E41-A357-E3069F1DE138}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1450</NamePositionX>
-					<NamePositionY>1114</NamePositionY>
+					<NamePositionX>1449</NamePositionX>
+					<NamePositionY>743</NamePositionY>
 					<Points>
 						<Point>
-							<x>1673</x>
-							<y>1228</y>
+							<x>1510</x>
+							<y>892</y>
 						</Point>
 						<Point>
-							<x>1642</x>
-							<y>1228</y>
+							<x>1510</x>
+							<y>861</y>
 						</Point>
 						<Point>
-							<x>1459</x>
-							<y>1120</y>
+							<x>1588</x>
+							<y>745</y>
 						</Point>
 						<Point>
-							<x>1428</x>
-							<y>1120</y>
+							<x>1588</x>
+							<y>714</y>
 						</Point>
 					</Points>
 				</WorkSpaceLinePERRelationPG83>
@@ -61795,24 +62415,24 @@
 					<WorkSpaceShape2>
 						<Id>{92DECA91-4DE9-4E41-A357-E3069F1DE138}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1015</NamePositionX>
-					<NamePositionY>868</NamePositionY>
+					<NamePositionX>1110</NamePositionX>
+					<NamePositionY>487</NamePositionY>
 					<Points>
 						<Point>
-							<x>1090</x>
-							<y>890</y>
+							<x>1152</x>
+							<y>463</y>
 						</Point>
 						<Point>
-							<x>1090</x>
-							<y>921</y>
+							<x>1152</x>
+							<y>494</y>
 						</Point>
 						<Point>
-							<x>1140</x>
-							<y>930</y>
+							<x>1269</x>
+							<y>594</y>
 						</Point>
 						<Point>
-							<x>1140</x>
-							<y>961</y>
+							<x>1300</x>
+							<y>594</y>
 						</Point>
 					</Points>
 				</WorkSpaceLinePERRelationPG83>
@@ -61838,8 +62458,8 @@
 					<WorkSpaceShape2>
 						<Id>{92DECA91-4DE9-4E41-A357-E3069F1DE138}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>2028</NamePositionX>
-					<NamePositionY>632</NamePositionY>
+					<NamePositionX>2252</NamePositionX>
+					<NamePositionY>409</NamePositionY>
 					<Points>
 						<Point>
 							<x>2827</x>
@@ -61850,12 +62470,12 @@
 							<y>343</y>
 						</Point>
 						<Point>
-							<x>1459</x>
-							<y>1041</y>
+							<x>1907</x>
+							<y>594</y>
 						</Point>
 						<Point>
-							<x>1428</x>
-							<y>1041</y>
+							<x>1876</x>
+							<y>594</y>
 						</Point>
 					</Points>
 				</WorkSpaceLinePERRelationPG83>
@@ -61881,24 +62501,24 @@
 					<WorkSpaceShape2>
 						<Id>{1DFD0182-EAC5-452D-AF1B-7E93FDB80A05}</Id>
 					</WorkSpaceShape2>
-					<NamePositionX>1056</NamePositionX>
-					<NamePositionY>1126</NamePositionY>
+					<NamePositionX>899</NamePositionX>
+					<NamePositionY>743</NamePositionY>
 					<Points>
 						<Point>
-							<x>1313</x>
-							<y>890</y>
+							<x>993</x>
+							<y>463</y>
 						</Point>
 						<Point>
-							<x>1313</x>
-							<y>921</y>
+							<x>993</x>
+							<y>494</y>
 						</Point>
 						<Point>
-							<x>998</x>
-							<y>1452</y>
+							<x>1006</x>
+							<y>1112</y>
 						</Point>
 						<Point>
-							<x>998</x>
-							<y>1483</y>
+							<x>1006</x>
+							<y>1143</y>
 						</Point>
 					</Points>
 				</WorkSpaceLinePERRelationPG83>
@@ -62953,6 +63573,289 @@
 			<DisplayGraphicalKeys>1</DisplayGraphicalKeys>
 			<Gradient>1</Gradient>
 		</PERWorkSpacePG83>
+		<PERWorkSpacePG83 ObjectType="2501" CSAOName="PERWorkSpacePG83">
+			<Id>{1280CEEC-23B1-403E-80A3-C5C5162D7EF0}</Id>
+			<Name>Addon CaseTime</Name>
+			<Ordinal>0</Ordinal>
+			<HistoryID>{C9DBF077-81B2-4522-A936-CB098D5B170F}</HistoryID>
+			<GlobalOrder>0</GlobalOrder>
+			<PenWidth>1</PenWidth>
+			<PenColor>0</PenColor>
+			<BrushColor>15780518</BrushColor>
+			<FontCharset>238</FontCharset>
+			<FontColor>0</FontColor>
+			<FontName>Arial</FontName>
+			<FontStyle>0</FontStyle>
+			<BackgroundColor>16777215</BackgroundColor>
+			<RecalculateSize>1</RecalculateSize>
+			<FullBackground>0</FullBackground>
+			<Shadow>1</Shadow>
+			<DisplayLineNames>1</DisplayLineNames>
+			<FontHeight>-28</FontHeight>
+			<RightAngledLines>0</RightAngledLines>
+			<Grid>0</Grid>
+			<GridVisible>0</GridVisible>
+			<GridSize>30</GridSize>
+			<Description></Description>
+			<ShapeList>
+				<WorkSpaceShapeModelTitlePG83 ObjectType="1504" CSAOName="WorkSpaceShapeModelTitlePG83">
+					<Id>{6E9BB97A-4DBC-4671-A472-51D27BC8E887}</Id>
+					<Name>Stamp</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{13CF1794-84A3-4096-A776-0A5E78E0B2E4}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<ParentBaseID>{C23ADE6F-999C-429E-916F-AA0F023D4779}</ParentBaseID>
+					<PenWidth>1</PenWidth>
+					<PenColor>0</PenColor>
+					<BrushColor>15780518</BrushColor>
+					<FontCharset>238</FontCharset>
+					<FontColor>0</FontColor>
+					<FontName>Arial</FontName>
+					<FontStyle>0</FontStyle>
+					<FormatLocked>0</FormatLocked>
+					<FontHeight>-28</FontHeight>
+					<Top>40</Top>
+					<Left>23</Left>
+					<z>0</z>
+					<Width>390</Width>
+					<Height>288</Height>
+					<dz>0</dz>
+					<RecalculateSizes>1</RecalculateSizes>
+					<UseWorkSpaceRecalculateSizes>1</UseWorkSpaceRecalculateSizes>
+					<Shadow>1</Shadow>
+					<FullBackground>0</FullBackground>
+					<LineList/>
+				</WorkSpaceShapeModelTitlePG83>
+				<WorkSpaceShapePEREntityPG83 ObjectType="2502" CSAOName="WorkSpaceShapePEREntityPG83">
+					<Id>{0DED76F6-0658-47F5-B1E4-83C9FED5F5E2}</Id>
+					<Name>tbl_casetime_zeitaufzeichnung</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{A9236635-7BA0-4C9E-8CF0-97FA141DAC40}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<ParentBaseID>{8C5D4472-9F64-4D25-90D1-26664F9B6911}</ParentBaseID>
+					<PenWidth>1</PenWidth>
+					<PenColor>0</PenColor>
+					<BrushColor>16777215</BrushColor>
+					<FontCharset>238</FontCharset>
+					<FontColor>0</FontColor>
+					<FontName>Arial</FontName>
+					<FontStyle>0</FontStyle>
+					<FormatLocked>0</FormatLocked>
+					<FontHeight>-28</FontHeight>
+					<Top>997</Top>
+					<Left>588</Left>
+					<z>0</z>
+					<Width>652</Width>
+					<Height>473</Height>
+					<dz>0</dz>
+					<RecalculateSizes>1</RecalculateSizes>
+					<UseWorkSpaceRecalculateSizes>1</UseWorkSpaceRecalculateSizes>
+					<Shadow>1</Shadow>
+					<FullBackground>0</FullBackground>
+					<LineList>
+						<Id>{B989B926-3B00-460C-881A-F79A1089EFBE}</Id>
+						<Id>{E321D9FA-565A-417E-A534-9E7F8816C670}</Id>
+					</LineList>
+					<DisplayIndexes>1</DisplayIndexes>
+					<AlignInColumns>1</AlignInColumns>
+					<DisplayMode>5</DisplayMode>
+					<DisplayTypes>1</DisplayTypes>
+					<DisplayDictTypesAsDataTypes>0</DisplayDictTypesAsDataTypes>
+					<DisplayGraphicalKeys>1</DisplayGraphicalKeys>
+					<Gradient>1</Gradient>
+				</WorkSpaceShapePEREntityPG83>
+				<WorkSpaceShapePEREntityPG83 ObjectType="2502" CSAOName="WorkSpaceShapePEREntityPG83">
+					<Id>{5EAA14B2-B33F-44A0-8F89-57A59AFFD200}</Id>
+					<Name>tbl_benutzer</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{72885F8B-CF18-4D48-8EF7-1F5EB9291E35}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<ParentBaseID>{20863D57-4A76-4276-B1E9-1FF7E0B4C0BB}</ParentBaseID>
+					<PenWidth>1</PenWidth>
+					<PenColor>0</PenColor>
+					<BrushColor>15780518</BrushColor>
+					<FontCharset>238</FontCharset>
+					<FontColor>0</FontColor>
+					<FontName>Arial</FontName>
+					<FontStyle>0</FontStyle>
+					<FormatLocked>0</FormatLocked>
+					<FontHeight>-28</FontHeight>
+					<Top>121</Top>
+					<Left>575</Left>
+					<z>0</z>
+					<Width>594</Width>
+					<Height>512</Height>
+					<dz>0</dz>
+					<RecalculateSizes>1</RecalculateSizes>
+					<UseWorkSpaceRecalculateSizes>1</UseWorkSpaceRecalculateSizes>
+					<Shadow>1</Shadow>
+					<FullBackground>1</FullBackground>
+					<LineList>
+						<Id>{B989B926-3B00-460C-881A-F79A1089EFBE}</Id>
+					</LineList>
+					<DisplayIndexes>1</DisplayIndexes>
+					<AlignInColumns>1</AlignInColumns>
+					<DisplayMode>5</DisplayMode>
+					<DisplayTypes>1</DisplayTypes>
+					<DisplayDictTypesAsDataTypes>0</DisplayDictTypesAsDataTypes>
+					<DisplayGraphicalKeys>1</DisplayGraphicalKeys>
+					<Gradient>1</Gradient>
+				</WorkSpaceShapePEREntityPG83>
+				<WorkSpaceShapePEREntityPG83 ObjectType="2502" CSAOName="WorkSpaceShapePEREntityPG83">
+					<Id>{11EA3BF2-02C0-4BE5-BCE0-0C40C9CC062E}</Id>
+					<Name>tbl_zeitaufzeichnung</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{832DB53A-8F4B-49BF-A6B4-550FC981E5C4}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<ParentBaseID>{77732D47-692A-4EE3-9C88-EBAB8B9B85B4}</ParentBaseID>
+					<PenWidth>1</PenWidth>
+					<PenColor>0</PenColor>
+					<BrushColor>12639424</BrushColor>
+					<FontCharset>238</FontCharset>
+					<FontColor>0</FontColor>
+					<FontName>Arial</FontName>
+					<FontStyle>0</FontStyle>
+					<FormatLocked>0</FormatLocked>
+					<FontHeight>-28</FontHeight>
+					<Top>79</Top>
+					<Left>1333</Left>
+					<z>0</z>
+					<Width>569</Width>
+					<Height>668</Height>
+					<dz>0</dz>
+					<RecalculateSizes>1</RecalculateSizes>
+					<UseWorkSpaceRecalculateSizes>1</UseWorkSpaceRecalculateSizes>
+					<Shadow>1</Shadow>
+					<FullBackground>1</FullBackground>
+					<LineList>
+						<Id>{E321D9FA-565A-417E-A534-9E7F8816C670}</Id>
+					</LineList>
+					<DisplayIndexes>1</DisplayIndexes>
+					<AlignInColumns>1</AlignInColumns>
+					<DisplayMode>5</DisplayMode>
+					<DisplayTypes>1</DisplayTypes>
+					<DisplayDictTypesAsDataTypes>0</DisplayDictTypesAsDataTypes>
+					<DisplayGraphicalKeys>1</DisplayGraphicalKeys>
+					<Gradient>1</Gradient>
+				</WorkSpaceShapePEREntityPG83>
+			</ShapeList>
+			<LineList>
+				<WorkSpaceLinePERRelationPG83 ObjectType="2504" CSAOName="WorkSpaceLinePERRelationPG83">
+					<Id>{B989B926-3B00-460C-881A-F79A1089EFBE}</Id>
+					<Name>fk_benutzer_casetime_zeitaufzeichnung</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{7C268C71-72BA-4BCD-ABC8-E0AEBEE42EA8}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<ParentBaseID>{D5D8FED0-6E7D-4EA7-9AF6-61B1E68B1039}</ParentBaseID>
+					<PenWidth>1</PenWidth>
+					<PenColor>0</PenColor>
+					<BrushColor>15780518</BrushColor>
+					<FontCharset>238</FontCharset>
+					<FontColor>0</FontColor>
+					<FontName>Arial</FontName>
+					<FontStyle>0</FontStyle>
+					<FormatLocked>0</FormatLocked>
+					<FontHeight>-28</FontHeight>
+					<WorkSpaceShape1>
+						<Id>{5EAA14B2-B33F-44A0-8F89-57A59AFFD200}</Id>
+					</WorkSpaceShape1>
+					<WorkSpaceShape2>
+						<Id>{0DED76F6-0658-47F5-B1E4-83C9FED5F5E2}</Id>
+					</WorkSpaceShape2>
+					<NamePositionX>793</NamePositionX>
+					<NamePositionY>755</NamePositionY>
+					<Points>
+						<Point>
+							<x>872</x>
+							<y>633</y>
+						</Point>
+						<Point>
+							<x>872</x>
+							<y>664</y>
+						</Point>
+						<Point>
+							<x>914</x>
+							<y>966</y>
+						</Point>
+						<Point>
+							<x>914</x>
+							<y>997</y>
+						</Point>
+					</Points>
+				</WorkSpaceLinePERRelationPG83>
+				<WorkSpaceLinePERRelationPG83 ObjectType="2504" CSAOName="WorkSpaceLinePERRelationPG83">
+					<Id>{E321D9FA-565A-417E-A534-9E7F8816C670}</Id>
+					<Name>fk_zeitaufzeichnung_casetime_zeitaufzeichnung</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{B00FF38F-6D9F-4B87-A0AA-C1A5DB759027}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<ParentBaseID>{FDA5B841-7FCE-4A9D-B890-BA5A1814FBE2}</ParentBaseID>
+					<PenWidth>1</PenWidth>
+					<PenColor>0</PenColor>
+					<BrushColor>15780518</BrushColor>
+					<FontCharset>238</FontCharset>
+					<FontColor>0</FontColor>
+					<FontName>Arial</FontName>
+					<FontStyle>0</FontStyle>
+					<FormatLocked>0</FormatLocked>
+					<FontHeight>-28</FontHeight>
+					<WorkSpaceShape1>
+						<Id>{11EA3BF2-02C0-4BE5-BCE0-0C40C9CC062E}</Id>
+					</WorkSpaceShape1>
+					<WorkSpaceShape2>
+						<Id>{0DED76F6-0658-47F5-B1E4-83C9FED5F5E2}</Id>
+					</WorkSpaceShape2>
+					<NamePositionX>1345</NamePositionX>
+					<NamePositionY>946</NamePositionY>
+					<Points>
+						<Point>
+							<x>1618</x>
+							<y>747</y>
+						</Point>
+						<Point>
+							<x>1618</x>
+							<y>778</y>
+						</Point>
+						<Point>
+							<x>1271</x>
+							<y>1234</y>
+						</Point>
+						<Point>
+							<x>1240</x>
+							<y>1234</y>
+						</Point>
+					</Points>
+				</WorkSpaceLinePERRelationPG83>
+			</LineList>
+			<Page>
+				<WorkSpacePagePG83 ObjectType="1511" CSAOName="WorkSpacePagePG83">
+					<Id>{3B00316F-E61F-4DD5-AF58-923F88815563}</Id>
+					<Name>Page Format</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{D68E093A-A59B-4822-88EE-ED37FD166FBD}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<Zoom>100</Zoom>
+					<FitToPage>0</FitToPage>
+					<Orientation>0</Orientation>
+					<Size>8</Size>
+					<HeightDec>2970</HeightDec>
+					<WidthDec>2100</WidthDec>
+					<MarginBottomDec>150</MarginBottomDec>
+					<MarginLeftDec>100</MarginLeftDec>
+					<MarginRightDec>100</MarginRightDec>
+					<MarginTopDec>150</MarginTopDec>
+				</WorkSpacePagePG83>
+			</Page>
+			<DisplayIndexes>1</DisplayIndexes>
+			<AlignInColumns>1</AlignInColumns>
+			<AutoFill>0</AutoFill>
+			<DisplayMode>5</DisplayMode>
+			<Notation>0</Notation>
+			<DisplayDictTypesAsDataTypes>0</DisplayDictTypesAsDataTypes>
+			<DisplayTypes>1</DisplayTypes>
+			<DisplayGraphicalKeys>1</DisplayGraphicalKeys>
+			<Gradient>1</Gradient>
+		</PERWorkSpacePG83>
 	</WorkSpaces>
 	<Categories/>
 	<ToDoItems/>
@@ -63080,8 +63983,8 @@
 			<Author>Systementwicklung</Author>
 			<Company>FH Technikum Wien</Company>
 			<Version>3.0</Version>
-			<CreatedDate>2009-04-17T11:15:21.000+02:00</CreatedDate>
-			<ModifiedDate>2014-10-20T11:44:24.874+02:00</ModifiedDate>
+			<CreatedDate>2009-04-17T10:15:21.000+01:00</CreatedDate>
+			<ModifiedDate>2014-11-25T11:05:25.771+01:00</ModifiedDate>
 			<Project>FH-Complete 3.0</Project>
 			<Description>&lt;?xml-stylesheet type="text/xsl" href="FHCompleteTDM3PG83.xsl"?&gt;
 </Description>
@@ -63473,6 +64376,8 @@
 				<Id>{D5E4800D-36A2-4B26-9A6D-B6A9DA7E42AF}</Id>
 				<Id>{886F1100-EBF7-4C7C-BAA0-B46CD9153AEB}</Id>
 				<Id>{86CBB428-B1D1-484E-9E33-DCD4D9092530}</Id>
+				<Id>{E49A5437-5D94-428C-AC40-CE72A618CEE5}</Id>
+				<Id>{8C5D4472-9F64-4D25-90D1-26664F9B6911}</Id>
 			</SelectedObjects>
 			<ParentSetNullDelete>0</ParentSetNullDelete>
 			<ParentSetDefaultUpdate>0</ParentSetDefaultUpdate>
@@ -79420,6 +80325,7 @@ Studiengang&gt;0 und Semester&gt;0 -&gt; News fuer bestimmtes Semester im Studie
 				<Id>{A158B38D-62CC-4396-AE15-EBE9405CAE7C}</Id>
 				<Id>{62BE4B08-0D23-44A5-810E-762CFFC006CD}</Id>
 				<Id>{21B4EDD7-9927-451E-86BA-E8A64C408F3D}</Id>
+				<Id>{FDA5B841-7FCE-4A9D-B890-BA5A1814FBE2}</Id>
 			</Relations>
 			<Attributes>
 				<PERAttributePG83 ObjectType="2003" CSAOName="PERAttributePG83">
@@ -79450,7 +80356,9 @@ Studiengang&gt;0 und Semester&gt;0 -&gt; News fuer bestimmtes Semester im Studie
 					<KeyConstraintItems>
 						<Id>{8C707137-8224-4B79-A7D1-7EE9B514EDEF}</Id>
 					</KeyConstraintItems>
-					<PKForeignKeys/>
+					<PKForeignKeys>
+						<Id>{54AE582F-9DAD-485D-812D-A8338044B7DA}</Id>
+					</PKForeignKeys>
 					<FKForeignKeys/>
 					<DictType/>
 					<Domain/>
@@ -80127,10 +81035,14 @@ Studiengang&gt;0 und Semester&gt;0 -&gt; News fuer bestimmtes Semester im Studie
 							<Attribute>
 								<Id>{E4012763-A933-4A57-963E-3BD5C15F5B5F}</Id>
 							</Attribute>
-							<ForeignKeys/>
+							<ForeignKeys>
+								<Id>{54AE582F-9DAD-485D-812D-A8338044B7DA}</Id>
+							</ForeignKeys>
 						</PERKeyConstraintItemPG83>
 					</KeyItems>
-					<Relations/>
+					<Relations>
+						<Id>{FDA5B841-7FCE-4A9D-B890-BA5A1814FBE2}</Id>
+					</Relations>
 					<Attribute/>
 					<Tablespace/>
 					<FillFactor></FillFactor>
@@ -81787,6 +82699,47 @@ Studiengang&gt;0 und Semester&gt;0 -&gt; News fuer bestimmtes Semester im Studie
 					<ArrDims></ArrDims>
 					<IsArray>0</IsArray>
 				</PERAttributePG83>
+				<PERAttributePG83 ObjectType="2003" CSAOName="PERAttributePG83">
+					<Id>{AA933B62-3457-49D0-A1AF-DC49B2402B3A}</Id>
+					<Name>sort</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{D0A57F4C-D3C9-411A-8B55-1A3312A5202C}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<RNOffset>0</RNOffset>
+					<RNLength>0</RNLength>
+					<IgnoreNC>0</IgnoreNC>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<DataTypeParam1></DataTypeParam1>
+					<DataTypeParam2></DataTypeParam2>
+					<KeepForeignKey>0</KeepForeignKey>
+					<DefaultValue></DefaultValue>
+					<NotNull>0</NotNull>
+					<Migrated>0</Migrated>
+					<Caption>sort</Caption>
+					<Unique>0</Unique>
+					<OriginalName></OriginalName>
+					<CheckConstraint></CheckConstraint>
+					<CheckConstraintName></CheckConstraintName>
+					<KeyConstraintItems/>
+					<PKForeignKeys/>
+					<FKForeignKeys/>
+					<DictType/>
+					<Domain/>
+					<DataType>
+						<Id>{361EF147-269D-4247-8F7C-5A3876A3999A}</Id>
+					</DataType>
+					<UserDataType/>
+					<IndexItems/>
+					<Default/>
+					<CheckConstraints/>
+					<KeyConstraint/>
+					<ArrDims></ArrDims>
+					<IsArray>0</IsArray>
+				</PERAttributePG83>
 			</Attributes>
 			<Keys>
 				<PERKeyConstraintPG83 ObjectType="2010" CSAOName="PERKeyConstraintPG83">
@@ -105017,6 +105970,7 @@ Studiengang&gt;0 und Semester&gt;0 -&gt; News fuer bestimmtes Semester im Studie
 				<Id>{514C98FE-C031-44F2-B626-B86E11B2D13F}</Id>
 				<Id>{EC8AA3BC-DED7-49D2-A9DB-96C30F061E0A}</Id>
 				<Id>{6E66A5BE-4F03-4F42-9371-646C37F902DA}</Id>
+				<Id>{D5D8FED0-6E7D-4EA7-9AF6-61B1E68B1039}</Id>
 			</Relations>
 			<Attributes>
 				<PERAttributePG83 ObjectType="2003" CSAOName="PERAttributePG83">
@@ -105087,6 +106041,7 @@ Studiengang&gt;0 und Semester&gt;0 -&gt; News fuer bestimmtes Semester im Studie
 						<Id>{ABE9C799-3309-445C-A579-6570F757E61C}</Id>
 						<Id>{6B81A296-AC1E-454A-A626-2D80CF42FCB2}</Id>
 						<Id>{311980DE-8F65-4595-B2E3-EB8ECB2ECEB5}</Id>
+						<Id>{2A6A277F-32BD-4D48-AA53-B32164DA778B}</Id>
 					</PKForeignKeys>
 					<FKForeignKeys/>
 					<DictType/>
@@ -105630,6 +106585,7 @@ Studiengang&gt;0 und Semester&gt;0 -&gt; News fuer bestimmtes Semester im Studie
 								<Id>{ABE9C799-3309-445C-A579-6570F757E61C}</Id>
 								<Id>{6B81A296-AC1E-454A-A626-2D80CF42FCB2}</Id>
 								<Id>{311980DE-8F65-4595-B2E3-EB8ECB2ECEB5}</Id>
+								<Id>{2A6A277F-32BD-4D48-AA53-B32164DA778B}</Id>
 							</ForeignKeys>
 						</PERKeyConstraintItemPG83>
 					</KeyItems>
@@ -105673,6 +106629,7 @@ Studiengang&gt;0 und Semester&gt;0 -&gt; News fuer bestimmtes Semester im Studie
 						<Id>{514C98FE-C031-44F2-B626-B86E11B2D13F}</Id>
 						<Id>{EC8AA3BC-DED7-49D2-A9DB-96C30F061E0A}</Id>
 						<Id>{6E66A5BE-4F03-4F42-9371-646C37F902DA}</Id>
+						<Id>{D5D8FED0-6E7D-4EA7-9AF6-61B1E68B1039}</Id>
 					</Relations>
 					<Attribute/>
 					<Tablespace/>
@@ -126735,6 +127692,7 @@ ALTER TABLE tbl_mitarbeiter ALTER COLUMN personalnummer DROP NOT NULL;</Comments
 				<Id>{9C0D7384-B1B0-4C3C-863F-F082451BB02B}</Id>
 				<Id>{F43908D4-64E8-4DF9-9B6E-4BB548C0DA4A}</Id>
 				<Id>{B9D21336-CA2A-43D7-9127-FFDD1EF3205A}</Id>
+				<Id>{7287139E-D56F-49A7-B66D-8BE7E5E4ED17}</Id>
 			</Relations>
 			<Attributes>
 				<PERAttributePG83 ObjectType="2003" CSAOName="PERAttributePG83">
@@ -126777,6 +127735,7 @@ ALTER TABLE tbl_mitarbeiter ALTER COLUMN personalnummer DROP NOT NULL;</Comments
 						<Id>{41FD15C8-58B7-41BC-ABA5-8F969A1FE7F7}</Id>
 						<Id>{433C5091-A976-4D84-AB99-37F5012B0DA5}</Id>
 						<Id>{E2530C3C-B8A4-4366-906D-796C14331323}</Id>
+						<Id>{10F50465-38B3-44C5-949B-48CF1ED5EA90}</Id>
 					</PKForeignKeys>
 					<FKForeignKeys/>
 					<DictType/>
@@ -127046,6 +128005,7 @@ ALTER TABLE tbl_mitarbeiter ALTER COLUMN personalnummer DROP NOT NULL;</Comments
 								<Id>{41FD15C8-58B7-41BC-ABA5-8F969A1FE7F7}</Id>
 								<Id>{433C5091-A976-4D84-AB99-37F5012B0DA5}</Id>
 								<Id>{E2530C3C-B8A4-4366-906D-796C14331323}</Id>
+								<Id>{10F50465-38B3-44C5-949B-48CF1ED5EA90}</Id>
 							</ForeignKeys>
 						</PERKeyConstraintItemPG83>
 					</KeyItems>
@@ -127061,6 +128021,7 @@ ALTER TABLE tbl_mitarbeiter ALTER COLUMN personalnummer DROP NOT NULL;</Comments
 						<Id>{9C0D7384-B1B0-4C3C-863F-F082451BB02B}</Id>
 						<Id>{F43908D4-64E8-4DF9-9B6E-4BB548C0DA4A}</Id>
 						<Id>{B9D21336-CA2A-43D7-9127-FFDD1EF3205A}</Id>
+						<Id>{7287139E-D56F-49A7-B66D-8BE7E5E4ED17}</Id>
 					</Relations>
 					<Attribute/>
 					<Tablespace/>
@@ -129055,6 +130016,7 @@ ALTER TABLE tbl_mitarbeiter ALTER COLUMN personalnummer DROP NOT NULL;</Comments
 				<Id>{6DCF8A37-0ECD-4990-8819-55E5C42704DA}</Id>
 				<Id>{9A5B5BE0-3AEE-4F35-BDE0-D24645ECDA8B}</Id>
 				<Id>{C291FBEC-A1AD-48E3-A101-293E676D94C2}</Id>
+				<Id>{6BD0CCF6-C25C-4F65-BB8C-2E6FC3D60A65}</Id>
 			</Relations>
 			<Attributes>
 				<PERAttributePG83 ObjectType="2003" CSAOName="PERAttributePG83">
@@ -129110,6 +130072,7 @@ ALTER TABLE tbl_mitarbeiter ALTER COLUMN personalnummer DROP NOT NULL;</Comments
 						<Id>{3ACB281D-E7B1-424A-B141-C366B3F21E6A}</Id>
 						<Id>{C7CFC347-482C-4E8F-8848-E09674D3E967}</Id>
 						<Id>{0A07A307-0526-4AA8-B5F7-32CC8A88A181}</Id>
+						<Id>{D22BCFC9-C00D-41DC-B162-88566CF4824B}</Id>
 					</PKForeignKeys>
 					<FKForeignKeys/>
 					<DictType/>
@@ -130484,6 +131447,7 @@ ALTER TABLE tbl_mitarbeiter ALTER COLUMN personalnummer DROP NOT NULL;</Comments
 								<Id>{3ACB281D-E7B1-424A-B141-C366B3F21E6A}</Id>
 								<Id>{C7CFC347-482C-4E8F-8848-E09674D3E967}</Id>
 								<Id>{0A07A307-0526-4AA8-B5F7-32CC8A88A181}</Id>
+								<Id>{D22BCFC9-C00D-41DC-B162-88566CF4824B}</Id>
 							</ForeignKeys>
 						</PERKeyConstraintItemPG83>
 					</KeyItems>
@@ -130512,6 +131476,7 @@ ALTER TABLE tbl_mitarbeiter ALTER COLUMN personalnummer DROP NOT NULL;</Comments
 						<Id>{CD1ED4C7-04E2-4A29-850A-8FBE9A72DDF2}</Id>
 						<Id>{6DCF8A37-0ECD-4990-8819-55E5C42704DA}</Id>
 						<Id>{C291FBEC-A1AD-48E3-A101-293E676D94C2}</Id>
+						<Id>{6BD0CCF6-C25C-4F65-BB8C-2E6FC3D60A65}</Id>
 					</Relations>
 					<Attribute/>
 					<Tablespace/>
@@ -130843,6 +131808,47 @@ ALTER TABLE tbl_mitarbeiter ALTER COLUMN personalnummer DROP NOT NULL;</Comments
 					<ArrDims></ArrDims>
 					<IsArray>0</IsArray>
 				</PERAttributePG83>
+				<PERAttributePG83 ObjectType="2003" CSAOName="PERAttributePG83">
+					<Id>{D48E8E30-6B09-4605-8EEB-C7DF6FAEAB27}</Id>
+					<Name>studienjahr_kurzbz</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{BDBF378D-D0A7-410E-A3DD-478B18CFD5AF}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<RNOffset>0</RNOffset>
+					<RNLength>0</RNLength>
+					<IgnoreNC>0</IgnoreNC>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<DataTypeParam1>16</DataTypeParam1>
+					<DataTypeParam2></DataTypeParam2>
+					<KeepForeignKey>0</KeepForeignKey>
+					<DefaultValue></DefaultValue>
+					<NotNull>0</NotNull>
+					<Migrated>0</Migrated>
+					<Caption>studienjahr_kurzbz</Caption>
+					<Unique>0</Unique>
+					<OriginalName></OriginalName>
+					<CheckConstraint></CheckConstraint>
+					<CheckConstraintName></CheckConstraintName>
+					<KeyConstraintItems/>
+					<PKForeignKeys/>
+					<FKForeignKeys/>
+					<DictType/>
+					<Domain/>
+					<DataType>
+						<Id>{ECB8F02F-B683-4252-8508-ED9D064C9AF3}</Id>
+					</DataType>
+					<UserDataType/>
+					<IndexItems/>
+					<Default/>
+					<CheckConstraints/>
+					<KeyConstraint/>
+					<ArrDims></ArrDims>
+					<IsArray>0</IsArray>
+				</PERAttributePG83>
 			</Attributes>
 			<Keys>
 				<PERKeyConstraintPG83 ObjectType="2010" CSAOName="PERKeyConstraintPG83">
@@ -152812,6 +153818,7 @@ Wenn FALSE haengt die Anzahl der Fragen pro Level von der Gesamtzahl pro Level a
 				<Id>{90F7DB7B-862E-443D-9009-C177BF29A113}</Id>
 				<Id>{1CD3A3AC-4796-4B95-B24A-BD1EDB2B158B}</Id>
 				<Id>{A884D03E-BAB0-4FB7-9893-C3BA7C196082}</Id>
+				<Id>{FDF638AA-C04C-4007-A228-AB975C067734}</Id>
 			</Relations>
 			<Attributes>
 				<PERAttributePG83 ObjectType="2003" CSAOName="PERAttributePG83">
@@ -152852,6 +153859,7 @@ Wenn FALSE haengt die Anzahl der Fragen pro Level von der Gesamtzahl pro Level a
 						<Id>{DF045219-1F40-478B-B8A4-4136577E5687}</Id>
 						<Id>{944AA6C9-9543-4AA5-AF16-678DCF9B56AC}</Id>
 						<Id>{1D7C9887-797A-4745-9016-58B3EEF5BB61}</Id>
+						<Id>{44513FD4-A673-4143-857F-65F347CDDB35}</Id>
 					</PKForeignKeys>
 					<FKForeignKeys/>
 					<DictType/>
@@ -153283,6 +154291,7 @@ Wenn FALSE haengt die Anzahl der Fragen pro Level von der Gesamtzahl pro Level a
 								<Id>{DF045219-1F40-478B-B8A4-4136577E5687}</Id>
 								<Id>{944AA6C9-9543-4AA5-AF16-678DCF9B56AC}</Id>
 								<Id>{1D7C9887-797A-4745-9016-58B3EEF5BB61}</Id>
+								<Id>{44513FD4-A673-4143-857F-65F347CDDB35}</Id>
 							</ForeignKeys>
 						</PERKeyConstraintItemPG83>
 					</KeyItems>
@@ -153296,6 +154305,7 @@ Wenn FALSE haengt die Anzahl der Fragen pro Level von der Gesamtzahl pro Level a
 						<Id>{90F7DB7B-862E-443D-9009-C177BF29A113}</Id>
 						<Id>{1CD3A3AC-4796-4B95-B24A-BD1EDB2B158B}</Id>
 						<Id>{A884D03E-BAB0-4FB7-9893-C3BA7C196082}</Id>
+						<Id>{FDF638AA-C04C-4007-A228-AB975C067734}</Id>
 					</Relations>
 					<Attribute/>
 					<Tablespace/>
@@ -175398,6 +176408,47 @@ Wenn FALSE haengt die Anzahl der Fragen pro Level von der Gesamtzahl pro Level a
 					<ArrDims></ArrDims>
 					<IsArray>0</IsArray>
 				</PERAttributePG83>
+				<PERAttributePG83 ObjectType="2003" CSAOName="PERAttributePG83">
+					<Id>{08F63DE4-A65B-43A8-B027-A4F3B517D1DF}</Id>
+					<Name>sort</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{8663B151-9512-4C53-A439-0E36E05967EC}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<RNOffset>0</RNOffset>
+					<RNLength>0</RNLength>
+					<IgnoreNC>0</IgnoreNC>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<DataTypeParam1></DataTypeParam1>
+					<DataTypeParam2></DataTypeParam2>
+					<KeepForeignKey>0</KeepForeignKey>
+					<DefaultValue></DefaultValue>
+					<NotNull>0</NotNull>
+					<Migrated>0</Migrated>
+					<Caption>sort</Caption>
+					<Unique>0</Unique>
+					<OriginalName></OriginalName>
+					<CheckConstraint></CheckConstraint>
+					<CheckConstraintName></CheckConstraintName>
+					<KeyConstraintItems/>
+					<PKForeignKeys/>
+					<FKForeignKeys/>
+					<DictType/>
+					<Domain/>
+					<DataType>
+						<Id>{361EF147-269D-4247-8F7C-5A3876A3999A}</Id>
+					</DataType>
+					<UserDataType/>
+					<IndexItems/>
+					<Default/>
+					<CheckConstraints/>
+					<KeyConstraint/>
+					<ArrDims></ArrDims>
+					<IsArray>0</IsArray>
+				</PERAttributePG83>
 			</Attributes>
 			<Keys>
 				<PERKeyConstraintPG83 ObjectType="2010" CSAOName="PERKeyConstraintPG83">
@@ -187947,6 +188998,1009 @@ Storno
 			<FillFactor></FillFactor>
 			<Sequences/>
 		</PEREntityPG83>
+		<PEREntityPG83 ObjectType="2002" CSAOName="PEREntityPG83">
+			<Id>{E49A5437-5D94-428C-AC40-CE72A618CEE5}</Id>
+			<Name>tbl_ablauf_vorgaben</Name>
+			<Ordinal>0</Ordinal>
+			<HistoryID>{46BA6F71-68CB-4E61-9668-365B094E2D57}</HistoryID>
+			<GlobalOrder>0</GlobalOrder>
+			<RNOffset>0</RNOffset>
+			<RNLength>0</RNLength>
+			<IgnoreNC>0</IgnoreNC>
+			<GenerateCode>1</GenerateCode>
+			<BeforeScript></BeforeScript>
+			<AfterScript></AfterScript>
+			<Notes></Notes>
+			<Comments></Comments>
+			<Caption>tbl_ablauf_vorgaben</Caption>
+			<Size>0</Size>
+			<Relations>
+				<Id>{6BD0CCF6-C25C-4F65-BB8C-2E6FC3D60A65}</Id>
+				<Id>{7287139E-D56F-49A7-B66D-8BE7E5E4ED17}</Id>
+				<Id>{FDF638AA-C04C-4007-A228-AB975C067734}</Id>
+			</Relations>
+			<Attributes>
+				<PERAttributePG83 ObjectType="2003" CSAOName="PERAttributePG83">
+					<Id>{260F3C41-0253-460F-AF1F-01DA427DAC49}</Id>
+					<Name>ablauf_vorgaben_id</Name>
+					<Ordinal>1</Ordinal>
+					<HistoryID>{CB82084D-D287-4B05-B013-C44D3EA596CB}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<RNOffset>0</RNOffset>
+					<RNLength>0</RNLength>
+					<IgnoreNC>0</IgnoreNC>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<DataTypeParam1></DataTypeParam1>
+					<DataTypeParam2></DataTypeParam2>
+					<KeepForeignKey>0</KeepForeignKey>
+					<DefaultValue></DefaultValue>
+					<NotNull>1</NotNull>
+					<Migrated>0</Migrated>
+					<Caption>ablauf_vorgaben_id</Caption>
+					<Unique>0</Unique>
+					<OriginalName></OriginalName>
+					<CheckConstraint></CheckConstraint>
+					<CheckConstraintName></CheckConstraintName>
+					<KeyConstraintItems>
+						<Id>{CAA3B8F7-F47A-4C55-912F-8292E55A3B4C}</Id>
+					</KeyConstraintItems>
+					<PKForeignKeys/>
+					<FKForeignKeys/>
+					<DictType/>
+					<Domain/>
+					<DataType>
+						<Id>{5F0FB0CB-62A1-4BDC-A4DA-882CACFC296A}</Id>
+					</DataType>
+					<UserDataType/>
+					<IndexItems/>
+					<Default/>
+					<CheckConstraints/>
+					<KeyConstraint/>
+					<ArrDims></ArrDims>
+					<IsArray>0</IsArray>
+				</PERAttributePG83>
+				<PERAttributePG83 ObjectType="2003" CSAOName="PERAttributePG83">
+					<Id>{AF812563-CA14-4FEC-836F-476DED0E7ED8}</Id>
+					<Name>studiengang_kz</Name>
+					<Ordinal>2</Ordinal>
+					<HistoryID>{94CB5399-8294-4698-B591-8FA26D62B7E9}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<RNOffset>0</RNOffset>
+					<RNLength>0</RNLength>
+					<IgnoreNC>0</IgnoreNC>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<DataTypeParam1></DataTypeParam1>
+					<DataTypeParam2></DataTypeParam2>
+					<KeepForeignKey>0</KeepForeignKey>
+					<DefaultValue></DefaultValue>
+					<NotNull>1</NotNull>
+					<Migrated>1</Migrated>
+					<Caption>studiengang_kz</Caption>
+					<Unique>0</Unique>
+					<OriginalName></OriginalName>
+					<CheckConstraint></CheckConstraint>
+					<CheckConstraintName></CheckConstraintName>
+					<KeyConstraintItems/>
+					<PKForeignKeys/>
+					<FKForeignKeys>
+						<Id>{D22BCFC9-C00D-41DC-B162-88566CF4824B}</Id>
+					</FKForeignKeys>
+					<DictType/>
+					<Domain/>
+					<DataType>
+						<Id>{361EF147-269D-4247-8F7C-5A3876A3999A}</Id>
+					</DataType>
+					<UserDataType/>
+					<IndexItems/>
+					<Default/>
+					<CheckConstraints/>
+					<KeyConstraint/>
+					<ArrDims></ArrDims>
+					<IsArray>0</IsArray>
+				</PERAttributePG83>
+				<PERAttributePG83 ObjectType="2003" CSAOName="PERAttributePG83">
+					<Id>{8679B373-C6AA-443B-81E3-B23AD037B8A6}</Id>
+					<Name>sprache</Name>
+					<Ordinal>3</Ordinal>
+					<HistoryID>{6C562D60-464F-4AE5-91C6-96058D450435}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<RNOffset>0</RNOffset>
+					<RNLength>0</RNLength>
+					<IgnoreNC>0</IgnoreNC>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<DataTypeParam1>16</DataTypeParam1>
+					<DataTypeParam2></DataTypeParam2>
+					<KeepForeignKey>0</KeepForeignKey>
+					<DefaultValue></DefaultValue>
+					<NotNull>0</NotNull>
+					<Migrated>1</Migrated>
+					<Caption>sprache</Caption>
+					<Unique>0</Unique>
+					<OriginalName></OriginalName>
+					<CheckConstraint></CheckConstraint>
+					<CheckConstraintName></CheckConstraintName>
+					<KeyConstraintItems/>
+					<PKForeignKeys/>
+					<FKForeignKeys>
+						<Id>{10F50465-38B3-44C5-949B-48CF1ED5EA90}</Id>
+					</FKForeignKeys>
+					<DictType/>
+					<Domain/>
+					<DataType>
+						<Id>{ECB8F02F-B683-4252-8508-ED9D064C9AF3}</Id>
+					</DataType>
+					<UserDataType/>
+					<IndexItems/>
+					<Default/>
+					<CheckConstraints/>
+					<KeyConstraint/>
+					<ArrDims></ArrDims>
+					<IsArray>0</IsArray>
+				</PERAttributePG83>
+				<PERAttributePG83 ObjectType="2003" CSAOName="PERAttributePG83">
+					<Id>{D7AD09D1-4846-45BE-842B-A54667BBBC06}</Id>
+					<Name>sprachwahl</Name>
+					<Ordinal>4</Ordinal>
+					<HistoryID>{82D4A494-2B03-4A75-AC9F-D6561669CA85}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<RNOffset>0</RNOffset>
+					<RNLength>0</RNLength>
+					<IgnoreNC>0</IgnoreNC>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<DataTypeParam1></DataTypeParam1>
+					<DataTypeParam2></DataTypeParam2>
+					<KeepForeignKey>0</KeepForeignKey>
+					<DefaultValue></DefaultValue>
+					<NotNull>1</NotNull>
+					<Migrated>0</Migrated>
+					<Caption>sprachwahl</Caption>
+					<Unique>0</Unique>
+					<OriginalName></OriginalName>
+					<CheckConstraint></CheckConstraint>
+					<CheckConstraintName></CheckConstraintName>
+					<KeyConstraintItems/>
+					<PKForeignKeys/>
+					<FKForeignKeys/>
+					<DictType/>
+					<Domain/>
+					<DataType>
+						<Id>{D64069A5-B04A-490B-B0A2-5144DEA81A2E}</Id>
+					</DataType>
+					<UserDataType/>
+					<IndexItems/>
+					<Default/>
+					<CheckConstraints/>
+					<KeyConstraint/>
+					<ArrDims></ArrDims>
+					<IsArray>0</IsArray>
+				</PERAttributePG83>
+				<PERAttributePG83 ObjectType="2003" CSAOName="PERAttributePG83">
+					<Id>{5819A931-4BAA-4262-91B5-6ED6908E7D81}</Id>
+					<Name>content_id</Name>
+					<Ordinal>5</Ordinal>
+					<HistoryID>{C835EEF3-882E-4E2C-8F14-633376E13BD0}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<RNOffset>0</RNOffset>
+					<RNLength>0</RNLength>
+					<IgnoreNC>0</IgnoreNC>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<DataTypeParam1></DataTypeParam1>
+					<DataTypeParam2></DataTypeParam2>
+					<KeepForeignKey>0</KeepForeignKey>
+					<DefaultValue></DefaultValue>
+					<NotNull>0</NotNull>
+					<Migrated>1</Migrated>
+					<Caption>content_id</Caption>
+					<Unique>0</Unique>
+					<OriginalName></OriginalName>
+					<CheckConstraint></CheckConstraint>
+					<CheckConstraintName></CheckConstraintName>
+					<KeyConstraintItems/>
+					<PKForeignKeys/>
+					<FKForeignKeys>
+						<Id>{44513FD4-A673-4143-857F-65F347CDDB35}</Id>
+					</FKForeignKeys>
+					<DictType/>
+					<Domain/>
+					<DataType>
+						<Id>{361EF147-269D-4247-8F7C-5A3876A3999A}</Id>
+					</DataType>
+					<UserDataType/>
+					<IndexItems/>
+					<Default/>
+					<CheckConstraints/>
+					<KeyConstraint/>
+					<ArrDims></ArrDims>
+					<IsArray>0</IsArray>
+				</PERAttributePG83>
+				<PERAttributePG83 ObjectType="2003" CSAOName="PERAttributePG83">
+					<Id>{9D76ED2A-F920-4D52-A325-8EF49FE0C398}</Id>
+					<Name>insertamum</Name>
+					<Ordinal>6</Ordinal>
+					<HistoryID>{CB6F97A1-6E78-4D25-8D50-EF73B8BEF3B2}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<RNOffset>0</RNOffset>
+					<RNLength>0</RNLength>
+					<IgnoreNC>0</IgnoreNC>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<DataTypeParam1></DataTypeParam1>
+					<DataTypeParam2></DataTypeParam2>
+					<KeepForeignKey>0</KeepForeignKey>
+					<DefaultValue></DefaultValue>
+					<NotNull>0</NotNull>
+					<Migrated>0</Migrated>
+					<Caption>insertamum</Caption>
+					<Unique>0</Unique>
+					<OriginalName></OriginalName>
+					<CheckConstraint></CheckConstraint>
+					<CheckConstraintName></CheckConstraintName>
+					<KeyConstraintItems/>
+					<PKForeignKeys/>
+					<FKForeignKeys/>
+					<DictType/>
+					<Domain/>
+					<DataType>
+						<Id>{342E3F36-138D-40F7-B1B2-D9489C848835}</Id>
+					</DataType>
+					<UserDataType/>
+					<IndexItems/>
+					<Default/>
+					<CheckConstraints/>
+					<KeyConstraint/>
+					<ArrDims></ArrDims>
+					<IsArray>0</IsArray>
+				</PERAttributePG83>
+				<PERAttributePG83 ObjectType="2003" CSAOName="PERAttributePG83">
+					<Id>{9DE81F28-4995-4966-889B-A56FC9A1D15B}</Id>
+					<Name>insertvon</Name>
+					<Ordinal>7</Ordinal>
+					<HistoryID>{8D5D652A-002A-427F-9954-34BAB85C4127}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<RNOffset>0</RNOffset>
+					<RNLength>0</RNLength>
+					<IgnoreNC>0</IgnoreNC>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<DataTypeParam1>32</DataTypeParam1>
+					<DataTypeParam2></DataTypeParam2>
+					<KeepForeignKey>0</KeepForeignKey>
+					<DefaultValue></DefaultValue>
+					<NotNull>0</NotNull>
+					<Migrated>0</Migrated>
+					<Caption>insertvon</Caption>
+					<Unique>0</Unique>
+					<OriginalName></OriginalName>
+					<CheckConstraint></CheckConstraint>
+					<CheckConstraintName></CheckConstraintName>
+					<KeyConstraintItems/>
+					<PKForeignKeys/>
+					<FKForeignKeys/>
+					<DictType/>
+					<Domain/>
+					<DataType>
+						<Id>{ECB8F02F-B683-4252-8508-ED9D064C9AF3}</Id>
+					</DataType>
+					<UserDataType/>
+					<IndexItems/>
+					<Default/>
+					<CheckConstraints/>
+					<KeyConstraint/>
+					<ArrDims></ArrDims>
+					<IsArray>0</IsArray>
+				</PERAttributePG83>
+				<PERAttributePG83 ObjectType="2003" CSAOName="PERAttributePG83">
+					<Id>{C9297414-55D1-4CF5-8545-BD1352F17C74}</Id>
+					<Name>updateamum</Name>
+					<Ordinal>8</Ordinal>
+					<HistoryID>{86354768-68D2-409C-83CD-BA0465DE1FDB}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<RNOffset>0</RNOffset>
+					<RNLength>0</RNLength>
+					<IgnoreNC>0</IgnoreNC>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<DataTypeParam1></DataTypeParam1>
+					<DataTypeParam2></DataTypeParam2>
+					<KeepForeignKey>0</KeepForeignKey>
+					<DefaultValue></DefaultValue>
+					<NotNull>0</NotNull>
+					<Migrated>0</Migrated>
+					<Caption>updateamum</Caption>
+					<Unique>0</Unique>
+					<OriginalName></OriginalName>
+					<CheckConstraint></CheckConstraint>
+					<CheckConstraintName></CheckConstraintName>
+					<KeyConstraintItems/>
+					<PKForeignKeys/>
+					<FKForeignKeys/>
+					<DictType/>
+					<Domain/>
+					<DataType>
+						<Id>{342E3F36-138D-40F7-B1B2-D9489C848835}</Id>
+					</DataType>
+					<UserDataType/>
+					<IndexItems/>
+					<Default/>
+					<CheckConstraints/>
+					<KeyConstraint/>
+					<ArrDims></ArrDims>
+					<IsArray>0</IsArray>
+				</PERAttributePG83>
+				<PERAttributePG83 ObjectType="2003" CSAOName="PERAttributePG83">
+					<Id>{73BF40A7-6FF1-470D-9126-E2B5CC62DD88}</Id>
+					<Name>updatevon</Name>
+					<Ordinal>9</Ordinal>
+					<HistoryID>{FE56A3C5-16AE-4E92-A87A-306DAAAC9395}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<RNOffset>0</RNOffset>
+					<RNLength>0</RNLength>
+					<IgnoreNC>0</IgnoreNC>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<DataTypeParam1>32</DataTypeParam1>
+					<DataTypeParam2></DataTypeParam2>
+					<KeepForeignKey>0</KeepForeignKey>
+					<DefaultValue></DefaultValue>
+					<NotNull>0</NotNull>
+					<Migrated>0</Migrated>
+					<Caption>updatevon</Caption>
+					<Unique>0</Unique>
+					<OriginalName></OriginalName>
+					<CheckConstraint></CheckConstraint>
+					<CheckConstraintName></CheckConstraintName>
+					<KeyConstraintItems/>
+					<PKForeignKeys/>
+					<FKForeignKeys/>
+					<DictType/>
+					<Domain/>
+					<DataType>
+						<Id>{ECB8F02F-B683-4252-8508-ED9D064C9AF3}</Id>
+					</DataType>
+					<UserDataType/>
+					<IndexItems/>
+					<Default/>
+					<CheckConstraints/>
+					<KeyConstraint/>
+					<ArrDims></ArrDims>
+					<IsArray>0</IsArray>
+				</PERAttributePG83>
+			</Attributes>
+			<Keys>
+				<PERKeyConstraintPG83 ObjectType="2010" CSAOName="PERKeyConstraintPG83">
+					<Id>{618E8897-5064-458B-A858-88149064BF37}</Id>
+					<Name>Key110</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{B8C0E00E-2D35-4C8D-BE10-28A764FD0A09}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<RNOffset>0</RNOffset>
+					<RNLength>0</RNLength>
+					<IgnoreNC>0</IgnoreNC>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<Caption>Key110</Caption>
+					<KeyItems>
+						<PERKeyConstraintItemPG83 ObjectType="2011" CSAOName="PERKeyConstraintItemPG83">
+							<Id>{CAA3B8F7-F47A-4C55-912F-8292E55A3B4C}</Id>
+							<Name>ablauf_vorgaben_id</Name>
+							<Ordinal>0</Ordinal>
+							<HistoryID>{1EF4E36F-96DF-4EF9-9C5F-93B46871D5A4}</HistoryID>
+							<GlobalOrder>0</GlobalOrder>
+							<GenerateCode>1</GenerateCode>
+							<BeforeScript></BeforeScript>
+							<AfterScript></AfterScript>
+							<Notes></Notes>
+							<Comments></Comments>
+							<SortDescending>0</SortDescending>
+							<Attribute>
+								<Id>{260F3C41-0253-460F-AF1F-01DA427DAC49}</Id>
+							</Attribute>
+							<ForeignKeys/>
+						</PERKeyConstraintItemPG83>
+					</KeyItems>
+					<Relations/>
+					<Attribute/>
+					<Tablespace/>
+					<FillFactor></FillFactor>
+				</PERKeyConstraintPG83>
+			</Keys>
+			<PK>
+				<Id>{618E8897-5064-458B-A858-88149064BF37}</Id>
+			</PK>
+			<Indexes/>
+			<CheckConstraints/>
+			<Category/>
+			<Triggers/>
+			<ToDoItems/>
+			<DbOwner/>
+			<Schema>
+				<Id>{951DEB7C-0566-4FDB-9767-BBA35A843199}</Id>
+			</Schema>
+			<NoteLines/>
+			<WithOids>0</WithOids>
+			<Inherited></Inherited>
+			<TempTable>0</TempTable>
+			<Tablespace/>
+			<RewriteRules/>
+			<FillFactor></FillFactor>
+			<Sequences/>
+		</PEREntityPG83>
+		<PEREntityPG83 ObjectType="2002" CSAOName="PEREntityPG83">
+			<Id>{8C5D4472-9F64-4D25-90D1-26664F9B6911}</Id>
+			<Name>tbl_casetime_zeitaufzeichnung</Name>
+			<Ordinal>0</Ordinal>
+			<HistoryID>{CD12CCAA-F02C-4D33-996E-1ED59B241AEC}</HistoryID>
+			<GlobalOrder>0</GlobalOrder>
+			<RNOffset>0</RNOffset>
+			<RNLength>0</RNLength>
+			<IgnoreNC>0</IgnoreNC>
+			<GenerateCode>1</GenerateCode>
+			<BeforeScript></BeforeScript>
+			<AfterScript></AfterScript>
+			<Notes></Notes>
+			<Comments></Comments>
+			<Caption>tbl_casetime_zeitaufzeichnung</Caption>
+			<Size>0</Size>
+			<Relations>
+				<Id>{D5D8FED0-6E7D-4EA7-9AF6-61B1E68B1039}</Id>
+				<Id>{FDA5B841-7FCE-4A9D-B890-BA5A1814FBE2}</Id>
+			</Relations>
+			<Attributes>
+				<PERAttributePG83 ObjectType="2003" CSAOName="PERAttributePG83">
+					<Id>{06B04608-DA8E-447B-897E-56C94BA198E1}</Id>
+					<Name>casetime_zeitaufzeichnung_id</Name>
+					<Ordinal>1</Ordinal>
+					<HistoryID>{D398DAB1-AAD6-45A9-8511-0FCE2A9F8DA8}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<RNOffset>0</RNOffset>
+					<RNLength>0</RNLength>
+					<IgnoreNC>0</IgnoreNC>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<DataTypeParam1></DataTypeParam1>
+					<DataTypeParam2></DataTypeParam2>
+					<KeepForeignKey>0</KeepForeignKey>
+					<DefaultValue></DefaultValue>
+					<NotNull>1</NotNull>
+					<Migrated>0</Migrated>
+					<Caption>casetime_zeitaufzeichnung_id</Caption>
+					<Unique>0</Unique>
+					<OriginalName></OriginalName>
+					<CheckConstraint></CheckConstraint>
+					<CheckConstraintName></CheckConstraintName>
+					<KeyConstraintItems>
+						<Id>{4E4A6CA1-3035-4059-9A25-6BF21CA70D53}</Id>
+					</KeyConstraintItems>
+					<PKForeignKeys/>
+					<FKForeignKeys/>
+					<DictType/>
+					<Domain/>
+					<DataType>
+						<Id>{5F0FB0CB-62A1-4BDC-A4DA-882CACFC296A}</Id>
+					</DataType>
+					<UserDataType/>
+					<IndexItems/>
+					<Default/>
+					<CheckConstraints/>
+					<KeyConstraint/>
+					<ArrDims></ArrDims>
+					<IsArray>0</IsArray>
+				</PERAttributePG83>
+				<PERAttributePG83 ObjectType="2003" CSAOName="PERAttributePG83">
+					<Id>{D410886C-91A8-477E-8FE6-0E448E360620}</Id>
+					<Name>uid</Name>
+					<Ordinal>2</Ordinal>
+					<HistoryID>{1FDC192D-F520-498E-A178-D619BDE6B00A}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<RNOffset>0</RNOffset>
+					<RNLength>0</RNLength>
+					<IgnoreNC>0</IgnoreNC>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<DataTypeParam1>32</DataTypeParam1>
+					<DataTypeParam2></DataTypeParam2>
+					<KeepForeignKey>0</KeepForeignKey>
+					<DefaultValue></DefaultValue>
+					<NotNull>0</NotNull>
+					<Migrated>1</Migrated>
+					<Caption>uid</Caption>
+					<Unique>0</Unique>
+					<OriginalName></OriginalName>
+					<CheckConstraint></CheckConstraint>
+					<CheckConstraintName></CheckConstraintName>
+					<KeyConstraintItems/>
+					<PKForeignKeys/>
+					<FKForeignKeys>
+						<Id>{2A6A277F-32BD-4D48-AA53-B32164DA778B}</Id>
+					</FKForeignKeys>
+					<DictType/>
+					<Domain/>
+					<DataType>
+						<Id>{ECB8F02F-B683-4252-8508-ED9D064C9AF3}</Id>
+					</DataType>
+					<UserDataType/>
+					<IndexItems/>
+					<Default/>
+					<CheckConstraints/>
+					<KeyConstraint/>
+					<ArrDims></ArrDims>
+					<IsArray>0</IsArray>
+				</PERAttributePG83>
+				<PERAttributePG83 ObjectType="2003" CSAOName="PERAttributePG83">
+					<Id>{5AC01A7D-EB07-43D7-8997-DF4DBE20B16E}</Id>
+					<Name>datum</Name>
+					<Ordinal>3</Ordinal>
+					<HistoryID>{B0928194-C4EE-4A1F-8728-D37BC4BA14F3}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<RNOffset>0</RNOffset>
+					<RNLength>0</RNLength>
+					<IgnoreNC>0</IgnoreNC>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<DataTypeParam1></DataTypeParam1>
+					<DataTypeParam2></DataTypeParam2>
+					<KeepForeignKey>0</KeepForeignKey>
+					<DefaultValue></DefaultValue>
+					<NotNull>0</NotNull>
+					<Migrated>0</Migrated>
+					<Caption>datum</Caption>
+					<Unique>0</Unique>
+					<OriginalName></OriginalName>
+					<CheckConstraint></CheckConstraint>
+					<CheckConstraintName></CheckConstraintName>
+					<KeyConstraintItems/>
+					<PKForeignKeys/>
+					<FKForeignKeys/>
+					<DictType/>
+					<Domain/>
+					<DataType>
+						<Id>{5EBD99F4-5263-4410-9892-11DB7C2DF84B}</Id>
+					</DataType>
+					<UserDataType/>
+					<IndexItems/>
+					<Default/>
+					<CheckConstraints/>
+					<KeyConstraint/>
+					<ArrDims></ArrDims>
+					<IsArray>0</IsArray>
+				</PERAttributePG83>
+				<PERAttributePG83 ObjectType="2003" CSAOName="PERAttributePG83">
+					<Id>{4B56C2F5-2827-459B-B304-AFAF903DBE8B}</Id>
+					<Name>zeit_start</Name>
+					<Ordinal>4</Ordinal>
+					<HistoryID>{A56F53FE-BCE0-41EA-BBF4-7D1312769972}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<RNOffset>0</RNOffset>
+					<RNLength>0</RNLength>
+					<IgnoreNC>0</IgnoreNC>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<DataTypeParam1></DataTypeParam1>
+					<DataTypeParam2></DataTypeParam2>
+					<KeepForeignKey>0</KeepForeignKey>
+					<DefaultValue></DefaultValue>
+					<NotNull>0</NotNull>
+					<Migrated>0</Migrated>
+					<Caption>zeit_start</Caption>
+					<Unique>0</Unique>
+					<OriginalName></OriginalName>
+					<CheckConstraint></CheckConstraint>
+					<CheckConstraintName></CheckConstraintName>
+					<KeyConstraintItems/>
+					<PKForeignKeys/>
+					<FKForeignKeys/>
+					<DictType/>
+					<Domain/>
+					<DataType>
+						<Id>{3DD56C5A-B10A-4E02-8CB2-C7B4880B63DD}</Id>
+					</DataType>
+					<UserDataType/>
+					<IndexItems/>
+					<Default/>
+					<CheckConstraints/>
+					<KeyConstraint/>
+					<ArrDims></ArrDims>
+					<IsArray>0</IsArray>
+				</PERAttributePG83>
+				<PERAttributePG83 ObjectType="2003" CSAOName="PERAttributePG83">
+					<Id>{8076DD6C-C03F-4D4E-ACA0-22170DEAF320}</Id>
+					<Name>zeit_ende</Name>
+					<Ordinal>5</Ordinal>
+					<HistoryID>{61573977-2A5A-48C3-8AEB-62D644A86663}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<RNOffset>0</RNOffset>
+					<RNLength>0</RNLength>
+					<IgnoreNC>0</IgnoreNC>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<DataTypeParam1></DataTypeParam1>
+					<DataTypeParam2></DataTypeParam2>
+					<KeepForeignKey>0</KeepForeignKey>
+					<DefaultValue></DefaultValue>
+					<NotNull>0</NotNull>
+					<Migrated>0</Migrated>
+					<Caption>zeit_ende</Caption>
+					<Unique>0</Unique>
+					<OriginalName></OriginalName>
+					<CheckConstraint></CheckConstraint>
+					<CheckConstraintName></CheckConstraintName>
+					<KeyConstraintItems/>
+					<PKForeignKeys/>
+					<FKForeignKeys/>
+					<DictType/>
+					<Domain/>
+					<DataType>
+						<Id>{3DD56C5A-B10A-4E02-8CB2-C7B4880B63DD}</Id>
+					</DataType>
+					<UserDataType/>
+					<IndexItems/>
+					<Default/>
+					<CheckConstraints/>
+					<KeyConstraint/>
+					<ArrDims></ArrDims>
+					<IsArray>0</IsArray>
+				</PERAttributePG83>
+				<PERAttributePG83 ObjectType="2003" CSAOName="PERAttributePG83">
+					<Id>{DCBD62CB-D7E7-4447-A450-557F80EC9F42}</Id>
+					<Name>ext_id1</Name>
+					<Ordinal>6</Ordinal>
+					<HistoryID>{DAEC8CB6-B163-4770-B9F4-AFDCE1702BFE}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<RNOffset>0</RNOffset>
+					<RNLength>0</RNLength>
+					<IgnoreNC>0</IgnoreNC>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<DataTypeParam1></DataTypeParam1>
+					<DataTypeParam2></DataTypeParam2>
+					<KeepForeignKey>0</KeepForeignKey>
+					<DefaultValue></DefaultValue>
+					<NotNull>0</NotNull>
+					<Migrated>0</Migrated>
+					<Caption>ext_id1</Caption>
+					<Unique>0</Unique>
+					<OriginalName></OriginalName>
+					<CheckConstraint></CheckConstraint>
+					<CheckConstraintName></CheckConstraintName>
+					<KeyConstraintItems/>
+					<PKForeignKeys/>
+					<FKForeignKeys/>
+					<DictType/>
+					<Domain/>
+					<DataType>
+						<Id>{F6C99ABF-677B-48C6-920E-F375B79C336D}</Id>
+					</DataType>
+					<UserDataType/>
+					<IndexItems/>
+					<Default/>
+					<CheckConstraints/>
+					<KeyConstraint/>
+					<ArrDims></ArrDims>
+					<IsArray>0</IsArray>
+				</PERAttributePG83>
+				<PERAttributePG83 ObjectType="2003" CSAOName="PERAttributePG83">
+					<Id>{2AE46C9E-42EE-42E1-894F-B5292E947AE4}</Id>
+					<Name>ext_id2</Name>
+					<Ordinal>7</Ordinal>
+					<HistoryID>{69C3B206-D9A1-49FE-97DD-A092576AC621}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<RNOffset>0</RNOffset>
+					<RNLength>0</RNLength>
+					<IgnoreNC>0</IgnoreNC>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<DataTypeParam1></DataTypeParam1>
+					<DataTypeParam2></DataTypeParam2>
+					<KeepForeignKey>0</KeepForeignKey>
+					<DefaultValue></DefaultValue>
+					<NotNull>0</NotNull>
+					<Migrated>0</Migrated>
+					<Caption>ext_id2</Caption>
+					<Unique>0</Unique>
+					<OriginalName></OriginalName>
+					<CheckConstraint></CheckConstraint>
+					<CheckConstraintName></CheckConstraintName>
+					<KeyConstraintItems/>
+					<PKForeignKeys/>
+					<FKForeignKeys/>
+					<DictType/>
+					<Domain/>
+					<DataType>
+						<Id>{F6C99ABF-677B-48C6-920E-F375B79C336D}</Id>
+					</DataType>
+					<UserDataType/>
+					<IndexItems/>
+					<Default/>
+					<CheckConstraints/>
+					<KeyConstraint/>
+					<ArrDims></ArrDims>
+					<IsArray>0</IsArray>
+				</PERAttributePG83>
+				<PERAttributePG83 ObjectType="2003" CSAOName="PERAttributePG83">
+					<Id>{F58DF485-E79E-467D-94F7-5DAAC899137C}</Id>
+					<Name>typ</Name>
+					<Ordinal>8</Ordinal>
+					<HistoryID>{2BEBE926-CDF4-4756-8079-6973F8F3C987}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<RNOffset>0</RNOffset>
+					<RNLength>0</RNLength>
+					<IgnoreNC>0</IgnoreNC>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<DataTypeParam1>16</DataTypeParam1>
+					<DataTypeParam2></DataTypeParam2>
+					<KeepForeignKey>0</KeepForeignKey>
+					<DefaultValue></DefaultValue>
+					<NotNull>0</NotNull>
+					<Migrated>0</Migrated>
+					<Caption>typ</Caption>
+					<Unique>0</Unique>
+					<OriginalName></OriginalName>
+					<CheckConstraint></CheckConstraint>
+					<CheckConstraintName></CheckConstraintName>
+					<KeyConstraintItems/>
+					<PKForeignKeys/>
+					<FKForeignKeys/>
+					<DictType/>
+					<Domain/>
+					<DataType>
+						<Id>{ECB8F02F-B683-4252-8508-ED9D064C9AF3}</Id>
+					</DataType>
+					<UserDataType/>
+					<IndexItems/>
+					<Default/>
+					<CheckConstraints/>
+					<KeyConstraint/>
+					<ArrDims></ArrDims>
+					<IsArray>0</IsArray>
+				</PERAttributePG83>
+				<PERAttributePG83 ObjectType="2003" CSAOName="PERAttributePG83">
+					<Id>{905267D7-9070-470D-988A-A12EB9A72E7E}</Id>
+					<Name>sync</Name>
+					<Ordinal>9</Ordinal>
+					<HistoryID>{532174AF-ADE1-40D1-855A-B78BEE0F157D}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<RNOffset>0</RNOffset>
+					<RNLength>0</RNLength>
+					<IgnoreNC>0</IgnoreNC>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<DataTypeParam1></DataTypeParam1>
+					<DataTypeParam2></DataTypeParam2>
+					<KeepForeignKey>0</KeepForeignKey>
+					<DefaultValue></DefaultValue>
+					<NotNull>0</NotNull>
+					<Migrated>0</Migrated>
+					<Caption>sync</Caption>
+					<Unique>0</Unique>
+					<OriginalName></OriginalName>
+					<CheckConstraint></CheckConstraint>
+					<CheckConstraintName></CheckConstraintName>
+					<KeyConstraintItems/>
+					<PKForeignKeys/>
+					<FKForeignKeys/>
+					<DictType/>
+					<Domain/>
+					<DataType>
+						<Id>{D64069A5-B04A-490B-B0A2-5144DEA81A2E}</Id>
+					</DataType>
+					<UserDataType/>
+					<IndexItems/>
+					<Default/>
+					<CheckConstraints/>
+					<KeyConstraint/>
+					<ArrDims></ArrDims>
+					<IsArray>0</IsArray>
+				</PERAttributePG83>
+				<PERAttributePG83 ObjectType="2003" CSAOName="PERAttributePG83">
+					<Id>{6B916ED7-D0F9-4D17-A149-21C383A11275}</Id>
+					<Name>delete</Name>
+					<Ordinal>10</Ordinal>
+					<HistoryID>{E748F202-EA00-474B-9020-71A3759B0F49}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<RNOffset>0</RNOffset>
+					<RNLength>0</RNLength>
+					<IgnoreNC>0</IgnoreNC>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<DataTypeParam1></DataTypeParam1>
+					<DataTypeParam2></DataTypeParam2>
+					<KeepForeignKey>0</KeepForeignKey>
+					<DefaultValue></DefaultValue>
+					<NotNull>0</NotNull>
+					<Migrated>0</Migrated>
+					<Caption>delete</Caption>
+					<Unique>0</Unique>
+					<OriginalName></OriginalName>
+					<CheckConstraint></CheckConstraint>
+					<CheckConstraintName></CheckConstraintName>
+					<KeyConstraintItems/>
+					<PKForeignKeys/>
+					<FKForeignKeys/>
+					<DictType/>
+					<Domain/>
+					<DataType>
+						<Id>{D64069A5-B04A-490B-B0A2-5144DEA81A2E}</Id>
+					</DataType>
+					<UserDataType/>
+					<IndexItems/>
+					<Default/>
+					<CheckConstraints/>
+					<KeyConstraint/>
+					<ArrDims></ArrDims>
+					<IsArray>0</IsArray>
+				</PERAttributePG83>
+				<PERAttributePG83 ObjectType="2003" CSAOName="PERAttributePG83">
+					<Id>{010866BD-2A25-4A96-B8AD-7DFB6398AC42}</Id>
+					<Name>zeitaufzeichnung_id</Name>
+					<Ordinal>11</Ordinal>
+					<HistoryID>{14944C31-DB09-4C6D-A444-7C433CFDC0A8}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<RNOffset>0</RNOffset>
+					<RNLength>0</RNLength>
+					<IgnoreNC>0</IgnoreNC>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<DataTypeParam1></DataTypeParam1>
+					<DataTypeParam2></DataTypeParam2>
+					<KeepForeignKey>0</KeepForeignKey>
+					<DefaultValue>nextval('campus.seq_zeitaufzeichnung_zeitaufzeichnung_id'::regclass)</DefaultValue>
+					<NotNull>0</NotNull>
+					<Migrated>1</Migrated>
+					<Caption>zeitaufzeichnung_id</Caption>
+					<Unique>0</Unique>
+					<OriginalName></OriginalName>
+					<CheckConstraint></CheckConstraint>
+					<CheckConstraintName></CheckConstraintName>
+					<KeyConstraintItems/>
+					<PKForeignKeys/>
+					<FKForeignKeys>
+						<Id>{54AE582F-9DAD-485D-812D-A8338044B7DA}</Id>
+					</FKForeignKeys>
+					<DictType/>
+					<Domain/>
+					<DataType>
+						<Id>{361EF147-269D-4247-8F7C-5A3876A3999A}</Id>
+					</DataType>
+					<UserDataType/>
+					<IndexItems/>
+					<Default/>
+					<CheckConstraints/>
+					<KeyConstraint/>
+					<ArrDims></ArrDims>
+					<IsArray>0</IsArray>
+				</PERAttributePG83>
+			</Attributes>
+			<Keys>
+				<PERKeyConstraintPG83 ObjectType="2010" CSAOName="PERKeyConstraintPG83">
+					<Id>{846A289D-B9E1-414A-9857-0BC3A91AA664}</Id>
+					<Name>Key111</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{C2401BAC-EA02-4B3C-A639-65A65DB078FD}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<RNOffset>0</RNOffset>
+					<RNLength>0</RNLength>
+					<IgnoreNC>0</IgnoreNC>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<Caption>Key111</Caption>
+					<KeyItems>
+						<PERKeyConstraintItemPG83 ObjectType="2011" CSAOName="PERKeyConstraintItemPG83">
+							<Id>{4E4A6CA1-3035-4059-9A25-6BF21CA70D53}</Id>
+							<Name>casetime_zeitaufzeichnung_id</Name>
+							<Ordinal>0</Ordinal>
+							<HistoryID>{759A9951-42E6-4955-8611-01BC34B13B05}</HistoryID>
+							<GlobalOrder>0</GlobalOrder>
+							<GenerateCode>1</GenerateCode>
+							<BeforeScript></BeforeScript>
+							<AfterScript></AfterScript>
+							<Notes></Notes>
+							<Comments></Comments>
+							<SortDescending>0</SortDescending>
+							<Attribute>
+								<Id>{06B04608-DA8E-447B-897E-56C94BA198E1}</Id>
+							</Attribute>
+							<ForeignKeys/>
+						</PERKeyConstraintItemPG83>
+					</KeyItems>
+					<Relations/>
+					<Attribute/>
+					<Tablespace/>
+					<FillFactor></FillFactor>
+				</PERKeyConstraintPG83>
+			</Keys>
+			<PK>
+				<Id>{846A289D-B9E1-414A-9857-0BC3A91AA664}</Id>
+			</PK>
+			<Indexes/>
+			<CheckConstraints/>
+			<Category/>
+			<Triggers/>
+			<ToDoItems/>
+			<DbOwner/>
+			<Schema>
+				<Id>{8B63E9A8-D4E7-4942-83D1-CF94D6E81EA2}</Id>
+			</Schema>
+			<NoteLines/>
+			<WithOids>0</WithOids>
+			<Inherited></Inherited>
+			<TempTable>0</TempTable>
+			<Tablespace/>
+			<RewriteRules/>
+			<FillFactor></FillFactor>
+			<Sequences/>
+		</PEREntityPG83>
 	</Entities>
 	<Domains/>
 	<DictTypes/>
@@ -217945,6 +219999,296 @@ Storno
 			<MatchType>SIMPLE</MatchType>
 			<CreateIndexToFK>1</CreateIndexToFK>
 		</PERRelationPG83>
+		<PERRelationPG83 ObjectType="2004" CSAOName="PERRelationPG83">
+			<Id>{6BD0CCF6-C25C-4F65-BB8C-2E6FC3D60A65}</Id>
+			<Name>fk_studiengang_ablauf_vorgaben</Name>
+			<Ordinal>0</Ordinal>
+			<HistoryID>{6CC0E93D-0BFE-4E28-9E39-AB1F2FB3303A}</HistoryID>
+			<GlobalOrder>0</GlobalOrder>
+			<O1>
+				<Id>{9EE28C51-2F05-4F7C-AE9E-7FBDB815500A}</Id>
+			</O1>
+			<O2>
+				<Id>{E49A5437-5D94-428C-AC40-CE72A618CEE5}</Id>
+			</O2>
+			<GenerateCode>1</GenerateCode>
+			<Comments></Comments>
+			<Notes></Notes>
+			<Identifying>0</Identifying>
+			<MandatoryParent>0</MandatoryParent>
+			<MandatoryChild>0</MandatoryChild>
+			<CardinalityChild>-1</CardinalityChild>
+			<InverseName></InverseName>
+			<Caption>fk_studiengang_ablauf_vorgaben</Caption>
+			<InverseCaption></InverseCaption>
+			<RefIntegrityParentUpdate>0</RefIntegrityParentUpdate>
+			<RefIntegrityParentDelete>0</RefIntegrityParentDelete>
+			<RefIntegrityChildUpdate>0</RefIntegrityChildUpdate>
+			<RefIntegrityChildInsert>0</RefIntegrityChildInsert>
+			<Key>
+				<Id>{C3F57DE1-8035-402C-9511-039AD1BEECBC}</Id>
+			</Key>
+			<ForeignKeys>
+				<PERForeignKeyPG83 ObjectType="2014" CSAOName="PERForeignKeyPG83">
+					<Id>{D22BCFC9-C00D-41DC-B162-88566CF4824B}</Id>
+					<Name>FK studiengang_kz - studiengang_kz</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{B2D55442-9DCF-439B-B7B8-AC67FA505EFE}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<AttrParent>
+						<Id>{F2FAF7AE-0CB7-4FE9-8A55-FED44682049E}</Id>
+					</AttrParent>
+					<AttrChild>
+						<Id>{AF812563-CA14-4FEC-836F-476DED0E7ED8}</Id>
+					</AttrChild>
+					<KeyConstraintItem>
+						<Id>{AED0477E-FF31-4244-87BA-2EFF14758BD8}</Id>
+					</KeyConstraintItem>
+				</PERForeignKeyPG83>
+			</ForeignKeys>
+			<ToDoItems/>
+			<Deferred>0</Deferred>
+			<Deferrable>0</Deferrable>
+			<MatchType>SIMPLE</MatchType>
+			<CreateIndexToFK>1</CreateIndexToFK>
+		</PERRelationPG83>
+		<PERRelationPG83 ObjectType="2004" CSAOName="PERRelationPG83">
+			<Id>{7287139E-D56F-49A7-B66D-8BE7E5E4ED17}</Id>
+			<Name>fk_sprache_ablauf_vorgaben</Name>
+			<Ordinal>0</Ordinal>
+			<HistoryID>{FBA4CEE2-5431-4714-BB90-1D2E65E3107D}</HistoryID>
+			<GlobalOrder>0</GlobalOrder>
+			<O1>
+				<Id>{452E9780-7375-4B66-9A50-6969381681EA}</Id>
+			</O1>
+			<O2>
+				<Id>{E49A5437-5D94-428C-AC40-CE72A618CEE5}</Id>
+			</O2>
+			<GenerateCode>1</GenerateCode>
+			<Comments></Comments>
+			<Notes></Notes>
+			<Identifying>0</Identifying>
+			<MandatoryParent>0</MandatoryParent>
+			<MandatoryChild>0</MandatoryChild>
+			<CardinalityChild>-1</CardinalityChild>
+			<InverseName></InverseName>
+			<Caption>fk_sprache_ablauf_vorgaben</Caption>
+			<InverseCaption></InverseCaption>
+			<RefIntegrityParentUpdate>0</RefIntegrityParentUpdate>
+			<RefIntegrityParentDelete>0</RefIntegrityParentDelete>
+			<RefIntegrityChildUpdate>0</RefIntegrityChildUpdate>
+			<RefIntegrityChildInsert>0</RefIntegrityChildInsert>
+			<Key>
+				<Id>{F6BEBF65-0503-4C0F-B9FF-99D94CEB22B2}</Id>
+			</Key>
+			<ForeignKeys>
+				<PERForeignKeyPG83 ObjectType="2014" CSAOName="PERForeignKeyPG83">
+					<Id>{10F50465-38B3-44C5-949B-48CF1ED5EA90}</Id>
+					<Name>FK sprache - sprache</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{2C38AA83-6117-431E-86FA-0A0B0883E652}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<AttrParent>
+						<Id>{84D8B91C-7360-40E7-A49B-DAA60B56100B}</Id>
+					</AttrParent>
+					<AttrChild>
+						<Id>{8679B373-C6AA-443B-81E3-B23AD037B8A6}</Id>
+					</AttrChild>
+					<KeyConstraintItem>
+						<Id>{46D40AB0-DB14-441E-B0ED-F06414D05136}</Id>
+					</KeyConstraintItem>
+				</PERForeignKeyPG83>
+			</ForeignKeys>
+			<ToDoItems/>
+			<Deferred>0</Deferred>
+			<Deferrable>0</Deferrable>
+			<MatchType>SIMPLE</MatchType>
+			<CreateIndexToFK>1</CreateIndexToFK>
+		</PERRelationPG83>
+		<PERRelationPG83 ObjectType="2004" CSAOName="PERRelationPG83">
+			<Id>{FDF638AA-C04C-4007-A228-AB975C067734}</Id>
+			<Name>fk_content_ablauf_vorgabe</Name>
+			<Ordinal>0</Ordinal>
+			<HistoryID>{93756743-E7EC-41E4-969F-76EDDE78326A}</HistoryID>
+			<GlobalOrder>0</GlobalOrder>
+			<O1>
+				<Id>{57CF0E77-D04F-44B8-93B2-66C2651DD4F8}</Id>
+			</O1>
+			<O2>
+				<Id>{E49A5437-5D94-428C-AC40-CE72A618CEE5}</Id>
+			</O2>
+			<GenerateCode>1</GenerateCode>
+			<Comments></Comments>
+			<Notes></Notes>
+			<Identifying>0</Identifying>
+			<MandatoryParent>0</MandatoryParent>
+			<MandatoryChild>0</MandatoryChild>
+			<CardinalityChild>-1</CardinalityChild>
+			<InverseName></InverseName>
+			<Caption>fk_content_ablauf_vorgabe</Caption>
+			<InverseCaption></InverseCaption>
+			<RefIntegrityParentUpdate>0</RefIntegrityParentUpdate>
+			<RefIntegrityParentDelete>0</RefIntegrityParentDelete>
+			<RefIntegrityChildUpdate>0</RefIntegrityChildUpdate>
+			<RefIntegrityChildInsert>0</RefIntegrityChildInsert>
+			<Key>
+				<Id>{3C543344-D5D2-429A-A2D4-CD8D872D1CA0}</Id>
+			</Key>
+			<ForeignKeys>
+				<PERForeignKeyPG83 ObjectType="2014" CSAOName="PERForeignKeyPG83">
+					<Id>{44513FD4-A673-4143-857F-65F347CDDB35}</Id>
+					<Name>FK content_id - content_id</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{72A66703-4277-44FA-BAD9-971B402439A1}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<AttrParent>
+						<Id>{E4E659C7-39CF-4EFC-B7FD-EB3BB8D3F089}</Id>
+					</AttrParent>
+					<AttrChild>
+						<Id>{5819A931-4BAA-4262-91B5-6ED6908E7D81}</Id>
+					</AttrChild>
+					<KeyConstraintItem>
+						<Id>{1207D5F4-B063-4B0A-B826-306478756915}</Id>
+					</KeyConstraintItem>
+				</PERForeignKeyPG83>
+			</ForeignKeys>
+			<ToDoItems/>
+			<Deferred>0</Deferred>
+			<Deferrable>0</Deferrable>
+			<MatchType>SIMPLE</MatchType>
+			<CreateIndexToFK>1</CreateIndexToFK>
+		</PERRelationPG83>
+		<PERRelationPG83 ObjectType="2004" CSAOName="PERRelationPG83">
+			<Id>{D5D8FED0-6E7D-4EA7-9AF6-61B1E68B1039}</Id>
+			<Name>fk_benutzer_casetime_zeitaufzeichnung</Name>
+			<Ordinal>0</Ordinal>
+			<HistoryID>{48A29ECF-4317-4B64-B4F4-A619CB319F89}</HistoryID>
+			<GlobalOrder>0</GlobalOrder>
+			<O1>
+				<Id>{20863D57-4A76-4276-B1E9-1FF7E0B4C0BB}</Id>
+			</O1>
+			<O2>
+				<Id>{8C5D4472-9F64-4D25-90D1-26664F9B6911}</Id>
+			</O2>
+			<GenerateCode>1</GenerateCode>
+			<Comments></Comments>
+			<Notes></Notes>
+			<Identifying>0</Identifying>
+			<MandatoryParent>0</MandatoryParent>
+			<MandatoryChild>0</MandatoryChild>
+			<CardinalityChild>-1</CardinalityChild>
+			<InverseName></InverseName>
+			<Caption>fk_benutzer_casetime_zeitaufzeichnung</Caption>
+			<InverseCaption></InverseCaption>
+			<RefIntegrityParentUpdate>0</RefIntegrityParentUpdate>
+			<RefIntegrityParentDelete>0</RefIntegrityParentDelete>
+			<RefIntegrityChildUpdate>0</RefIntegrityChildUpdate>
+			<RefIntegrityChildInsert>0</RefIntegrityChildInsert>
+			<Key>
+				<Id>{70EE0BEF-C69B-4791-AEBC-2767B8F1CFB3}</Id>
+			</Key>
+			<ForeignKeys>
+				<PERForeignKeyPG83 ObjectType="2014" CSAOName="PERForeignKeyPG83">
+					<Id>{2A6A277F-32BD-4D48-AA53-B32164DA778B}</Id>
+					<Name>FK uid - uid</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{2DBD7B9C-98F2-47EE-A9AD-8929E0909659}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<AttrParent>
+						<Id>{FB409F67-7476-4E1F-88C7-F3E6BC9BE1C3}</Id>
+					</AttrParent>
+					<AttrChild>
+						<Id>{D410886C-91A8-477E-8FE6-0E448E360620}</Id>
+					</AttrChild>
+					<KeyConstraintItem>
+						<Id>{AA8ACCF4-983D-47F3-B631-844DA7380947}</Id>
+					</KeyConstraintItem>
+				</PERForeignKeyPG83>
+			</ForeignKeys>
+			<ToDoItems/>
+			<Deferred>0</Deferred>
+			<Deferrable>0</Deferrable>
+			<MatchType>SIMPLE</MatchType>
+			<CreateIndexToFK>1</CreateIndexToFK>
+		</PERRelationPG83>
+		<PERRelationPG83 ObjectType="2004" CSAOName="PERRelationPG83">
+			<Id>{FDA5B841-7FCE-4A9D-B890-BA5A1814FBE2}</Id>
+			<Name>fk_zeitaufzeichnung_casetime_zeitaufzeichnung</Name>
+			<Ordinal>0</Ordinal>
+			<HistoryID>{DBA28614-89B6-43D9-AE7F-E8851F4E60CC}</HistoryID>
+			<GlobalOrder>0</GlobalOrder>
+			<O1>
+				<Id>{77732D47-692A-4EE3-9C88-EBAB8B9B85B4}</Id>
+			</O1>
+			<O2>
+				<Id>{8C5D4472-9F64-4D25-90D1-26664F9B6911}</Id>
+			</O2>
+			<GenerateCode>1</GenerateCode>
+			<Comments></Comments>
+			<Notes></Notes>
+			<Identifying>0</Identifying>
+			<MandatoryParent>0</MandatoryParent>
+			<MandatoryChild>0</MandatoryChild>
+			<CardinalityChild>-1</CardinalityChild>
+			<InverseName></InverseName>
+			<Caption>fk_zeitaufzeichnung_casetime_zeitaufzeichnung</Caption>
+			<InverseCaption></InverseCaption>
+			<RefIntegrityParentUpdate>0</RefIntegrityParentUpdate>
+			<RefIntegrityParentDelete>0</RefIntegrityParentDelete>
+			<RefIntegrityChildUpdate>0</RefIntegrityChildUpdate>
+			<RefIntegrityChildInsert>0</RefIntegrityChildInsert>
+			<Key>
+				<Id>{9CFAF12A-068C-4148-ABDE-403C29E0B6CC}</Id>
+			</Key>
+			<ForeignKeys>
+				<PERForeignKeyPG83 ObjectType="2014" CSAOName="PERForeignKeyPG83">
+					<Id>{54AE582F-9DAD-485D-812D-A8338044B7DA}</Id>
+					<Name>FK zeitaufzeichnung_id - zeitaufzeichnung_id</Name>
+					<Ordinal>0</Ordinal>
+					<HistoryID>{921A2657-2B61-43F7-8E9B-7DC27CE40BDD}</HistoryID>
+					<GlobalOrder>0</GlobalOrder>
+					<GenerateCode>1</GenerateCode>
+					<BeforeScript></BeforeScript>
+					<AfterScript></AfterScript>
+					<Notes></Notes>
+					<Comments></Comments>
+					<AttrParent>
+						<Id>{E4012763-A933-4A57-963E-3BD5C15F5B5F}</Id>
+					</AttrParent>
+					<AttrChild>
+						<Id>{010866BD-2A25-4A96-B8AD-7DFB6398AC42}</Id>
+					</AttrChild>
+					<KeyConstraintItem>
+						<Id>{8C707137-8224-4B79-A7D1-7EE9B514EDEF}</Id>
+					</KeyConstraintItem>
+				</PERForeignKeyPG83>
+			</ForeignKeys>
+			<ToDoItems/>
+			<Deferred>0</Deferred>
+			<Deferrable>0</Deferrable>
+			<MatchType>SIMPLE</MatchType>
+			<CreateIndexToFK>1</CreateIndexToFK>
+		</PERRelationPG83>
 	</Relations>
 	<Defaults/>
 	<Rules/>
@@ -251327,6 +253671,7 @@ WHERE NOT (tbl_ablauf.gebiet_id IN ( SELECT tbl_kategorie.gebiet_id
 				<Id>{B72D6C57-76B6-45B6-84A6-F51C8D522E61}</Id>
 				<Id>{D5D18086-CF2A-4207-88FE-1E5B418C14C2}</Id>
 				<Id>{E452884F-8BEB-4A49-84E0-56B882861833}</Id>
+				<Id>{E49A5437-5D94-428C-AC40-CE72A618CEE5}</Id>
 			</Objects>
 			<UserDataTypes/>
 			<DictTypes/>
@@ -251570,6 +253915,7 @@ WHERE NOT (tbl_ablauf.gebiet_id IN ( SELECT tbl_kategorie.gebiet_id
 				<Id>{6893C569-147B-406F-857E-70D36071B417}</Id>
 				<Id>{8F3B3794-6935-42D8-9839-1AEB33CB3160}</Id>
 				<Id>{CAA22AB0-8197-49E6-8AF5-0266033E4032}</Id>
+				<Id>{8C5D4472-9F64-4D25-90D1-26664F9B6911}</Id>
 			</Objects>
 			<UserDataTypes/>
 			<DictTypes/>
diff --git a/system/checksystem.php b/system/checksystem.php
index f5bcbc8c2..bdd7e1d08 100644
--- a/system/checksystem.php
+++ b/system/checksystem.php
@@ -2194,6 +2194,9 @@ if(!$result = @$db->db_query("SELECT ablauf_vorgaben_id FROM testtool.tbl_ablauf
 	$qry = "
 		ALTER TABLE testtool.tbl_ablauf ADD COLUMN ablauf_vorgaben_id integer;
 		ALTER TABLE testtool.tbl_ablauf ADD CONSTRAINT fk_ablauf_vorgaben_id FOREIGN KEY (ablauf_vorgaben_id) REFERENCES testtool.tbl_ablauf_vorgaben(ablauf_vorgaben_id) ON DELETE RESTRICT ON UPDATE CASCADE;
+
+		INSERT INTO testtool.tbl_ablauf_vorgaben(studiengang_kz, sprache, sprachwahl) SELECT studiengang_kz, sprache, testtool_sprachwahl FROM public.tbl_studiengang;
+		UPDATE testtool.tbl_ablauf SET ablauf_vorgaben_id = (SELECT ablauf_vorgaben_id FROM testtool.tbl_ablauf_vorgaben WHERE studiengang_kz=tbl_ablauf.studiengang_kz);
 	";
 
 	if(!$db->db_query($qry))
@@ -2279,7 +2282,7 @@ $tabellen=array(
 	"campus.tbl_zeitsperre"  => array("zeitsperre_id","zeitsperretyp_kurzbz","mitarbeiter_uid","bezeichnung","vondatum","vonstunde","bisdatum","bisstunde","vertretung_uid","updateamum","updatevon","insertamum","insertvon","erreichbarkeit_kurzbz","freigabeamum","freigabevon"),
 	"campus.tbl_zeitsperretyp"  => array("zeitsperretyp_kurzbz","beschreibung","farbe"),
 	"campus.tbl_zeitwunsch"  => array("stunde","mitarbeiter_uid","tag","gewicht","updateamum","updatevon","insertamum","insertvon"),
-	"fue.tbl_aktivitaet"  => array("aktivitaet_kurzbz","beschreibung"),
+	"fue.tbl_aktivitaet"  => array("aktivitaet_kurzbz","beschreibung","sort"),
 	"fue.tbl_aufwandstyp" => array("aufwandstyp_kurzbz","bezeichnung"),
 	"fue.tbl_projekt"  => array("projekt_kurzbz","nummer","titel","beschreibung","beginn","ende","oe_kurzbz","budget","farbe","aufwandstyp_kurzbz"),
 	"fue.tbl_projektphase"  => array("projektphase_id","projekt_kurzbz","projektphase_fk","bezeichnung","beschreibung","start","ende","budget","insertamum","insertvon","updateamum","updatevon","personentage","farbe"),
diff --git a/vilesci/lehre/abgabe_assistenz_details.php b/vilesci/lehre/abgabe_assistenz_details.php
index 58ee8cbaf..f40467818 100644
--- a/vilesci/lehre/abgabe_assistenz_details.php
+++ b/vilesci/lehre/abgabe_assistenz_details.php
@@ -34,6 +34,7 @@ require_once('../../include/benutzerberechtigung.class.php');
 require_once('../../include/datum.class.php');
 require_once('../../include/mail.class.php');
 require_once('../../include/projektarbeit.class.php');
+require_once('../../include/benutzer.class.php');
 
 $user = get_uid();
 $datum_obj = new datum();
@@ -49,7 +50,11 @@ if(isset($_GET['id']) && isset($_GET['uid']) && isset($_GET['pdfread']))
 	//PDF-Ausgabe vom Aufruf Zeile 689
 	if(!is_numeric($_GET['id']) || $_GET['id']=='')
 		die('Fehler bei Parameteruebergabe');
-	
+
+	$benutzer = new benutzer();
+	if(!$benutzer->load($_GET['uid']))
+		die('User existiert nicht');
+
 	$file = $_GET['id'].'_'.$_GET['uid'].'.pdf';
 	$filename = PAABGABE_PATH.$file;
 
diff --git a/vilesci/lehre/ferienverwaltung.php b/vilesci/lehre/ferienverwaltung.php
index 6125096cd..1826201d9 100644
--- a/vilesci/lehre/ferienverwaltung.php
+++ b/vilesci/lehre/ferienverwaltung.php
@@ -91,7 +91,7 @@
 		if(!$rechte->isBerechtigt('basis/ferien', null, 'sui'))
 			die('Sie haben keine Berechtigung zum anlegen oder ändern von Ferien');
 		
-		$sql_query="SELECT bezeichnung FROM lehre.tbl_ferien WHERE bezeichnung='".$_POST['bezeichnung']."';";
+		$sql_query="SELECT bezeichnung FROM lehre.tbl_ferien WHERE bezeichnung=".$db->db_add_param($_POST['bezeichnung']).";";
 		$db->db_num_rows($db->db_query($sql_query));		
 			
 		//Formulardaten pruefen
@@ -123,10 +123,10 @@
 		else
 		{
 			$sql_query="INSERT INTO lehre.tbl_ferien (studiengang_kz, bezeichnung, vondatum, bisdatum) VALUES(
-			'".$_POST['studiengang_kz']."',
+			".$db->db_add_param($_POST['studiengang_kz'], FHC_INTEGER).",
 			".$db->db_add_param($_POST['bezeichnung']).",
-			'".$datum_obj->formatDatum($_POST['vondatum'],'Y-m-d')."',
-			'".$datum_obj->formatDatum($_POST['bisdatum'],'Y-m-d')."');";
+			".$db->db_add_param($datum_obj->formatDatum($_POST['vondatum'],'Y-m-d')).",
+			".$db->db_add_param($datum_obj->formatDatum($_POST['bisdatum'],'Y-m-d')).");";
 			//echo $sql_query;
 			$db->db_query($sql_query);
 			$stg_kz = $_POST['studiengang_kz'];
@@ -138,7 +138,7 @@
 		if(!$rechte->isBerechtigt('basis/ferien', null, 'suid'))
 			die('Sie haben keine Berechtigung zum löschen von Ferien');
 			
-		$sql_query = "DELETE FROM lehre.tbl_ferien WHERE bezeichnung='$bezeichnung' AND studiengang_kz='$stg_kz'";
+		$sql_query = "DELETE FROM lehre.tbl_ferien WHERE bezeichnung=".$db->db_add_param($bezeichnung)." AND studiengang_kz=".$db->db_add_param($stg_kz, FHC_INTEGER);
 		$result = $db->db_query($sql_query);
 		if ($db->db_affected_rows($result)==1)
 		 echo '<span class="insertok">Eintrag erfolgreich gelöscht</span><br>';
@@ -223,7 +223,7 @@
 	{		
 		$qry="SELECT * FROM lehre.tbl_ferien ";
 		if ($stg_kz!=-1)
-			$qry.=" WHERE studiengang_kz='".$stg_kz."'";
+			$qry.=" WHERE studiengang_kz=".$db->db_add_param($stg_kz, FHC_INTEGER);
 					
 		$qry.=" ORDER BY vondatum DESC;";	
 		//echo $qry;
@@ -264,4 +264,4 @@
 	echo '
 			</body>
 			</html>';
-?>
\ No newline at end of file
+?>
diff --git a/vilesci/lehre/incoming_delete.php b/vilesci/lehre/incoming_delete.php
index 3eb891ac6..c8110acea 100644
--- a/vilesci/lehre/incoming_delete.php
+++ b/vilesci/lehre/incoming_delete.php
@@ -21,29 +21,38 @@
  *          Gerald Simane-Sequens 	< gerald.simane-sequens@technikum-wien.at >
  *			Manfred Kindl < manfred.kindl@technikum-wien.at >
  */
- 
-	/**
-	 *	@updated 11.09.2012 kindl
-	 *
-	 */
-		require_once('../../config/vilesci.config.inc.php');
-		require_once('../../include/basis_db.class.php');
-		if (!$db = new basis_db())
-				die('Es konnte keine Verbindung zum Server aufgebaut werden.');
+/**
+ *	@updated 11.09.2012 kindl
+ *
+ */
+require_once('../../config/vilesci.config.inc.php');
+require_once('../../include/basis_db.class.php');
+require_once('../../include/functions.inc.php');
+require_once('../../include/benutzerberechtigung.class.php');
+
+if (!$db = new basis_db())
+	die('Es konnte keine Verbindung zum Server aufgebaut werden.');
+
+$user = get_uid();
 			
-	//Spezialgruppen für DropDown
-	$sql_query="SELECT gruppe_kurzbz FROM public.tbl_gruppe WHERE studiengang_kz=10006 AND aktiv=true AND sichtbar=true ORDER BY gruppe_kurzbz";
-	//echo $sql_query."<br>";
-	$result_incgrp=$db->db_query($sql_query);
-	if(!$result_incgrp)
-		die("Keine Incoming-Gruppen gefunden! ".$db->db_last_error());
-		
-	$incgrp=(isset($_REQUEST['incgrp'])?$_REQUEST['incgrp']:'');	
-	$lehreinheit_id=(isset($_REQUEST['lehreinheit_id'])?$_REQUEST['lehreinheit_id']:'');	
-	$type=(isset($_REQUEST['type'])?$_REQUEST['type']:'');
+$rechte = new benutzerberechtigung();
+$rechte->getBerechtigungen($user);
+
+if(!$rechte->isBerechtigt('lehre/lvplan', null, 'suid'))
+	die('Sie haben keine Berechtigung für diese Seite');
+
+//Spezialgruppen für DropDown
+$sql_query="SELECT gruppe_kurzbz FROM public.tbl_gruppe WHERE studiengang_kz=10006 AND aktiv=true AND sichtbar=true ORDER BY gruppe_kurzbz";
+//echo $sql_query."<br>";
+$result_incgrp=$db->db_query($sql_query);
+if(!$result_incgrp)
+	die("Keine Incoming-Gruppen gefunden! ".$db->db_last_error());
+	
+$incgrp=(isset($_REQUEST['incgrp'])?$_REQUEST['incgrp']:'');	
+$lehreinheit_id=(isset($_REQUEST['lehreinheit_id'])?$_REQUEST['lehreinheit_id']:'');	
+$type=(isset($_REQUEST['type'])?$_REQUEST['type']:'');
 
 ?>
-
 <html>
 <head>
 <title>Incoming löschen</title>
@@ -96,16 +105,16 @@ if ($type=="save")
 	if (!$error)
 	{
 			$sql_query="DELETE FROM lehre.tbl_stundenplandev 
-						WHERE lehreinheit_id=".$_POST['lehreinheit_id']."						
-						AND gruppe_kurzbz='".$_POST['incgrp']."';
+						WHERE lehreinheit_id=".$db->db_add_param($_POST['lehreinheit_id'], FHC_INTEGER)."						
+						AND gruppe_kurzbz=".$db->db_add_param($_POST['incgrp']).";
 						
 						DELETE FROM lehre.tbl_stundenplan 
-						WHERE lehreinheit_id=".$_POST['lehreinheit_id']."						
-						AND gruppe_kurzbz='".$_POST['incgrp']."';
+						WHERE lehreinheit_id=".$db->db_add_param($_POST['lehreinheit_id'], FHC_INTEGER)."						
+						AND gruppe_kurzbz=".$db->db_add_param($_POST['incgrp'], FHC_INTEGER).";
 						
 						DELETE FROM lehre.tbl_lehreinheitgruppe 
-						WHERE lehreinheit_id=".$_POST['lehreinheit_id']."						
-						AND gruppe_kurzbz='".$_POST['incgrp']."';";
+						WHERE lehreinheit_id=".$db->db_add_param($_POST['lehreinheit_id'])."						
+						AND gruppe_kurzbz=".$db->db_add_param($_POST['incgrp']).";";
 			//echo $sql_query;
 			$result=$db->db_query($sql_query);
 			if(!$result)
@@ -114,7 +123,7 @@ if ($type=="save")
 				$error=true;
 			}
 			else
-				echo "<strong>Lehreinheit:</strong> ".$_POST['lehreinheit_id']." - <strong>Gruppe:</strong> ".$_POST['incgrp']." -- <strong>Gelöscht!</strong><br>";
+				echo "<strong>Lehreinheit:</strong> ".$db->convert_html_chars($_POST['lehreinheit_id'])." - <strong>Gruppe:</strong> ".$db->convert_html_chars($_POST['incgrp'])." -- <strong>Gelöscht!</strong><br>";
 
 		if (!$error)
 			echo "<br><font style='color:green'><strong>Gruppe erfolgreich gelöscht</strong></font><br>";
diff --git a/vilesci/lehre/stpl_benutzer_kollision.php b/vilesci/lehre/stpl_benutzer_kollision.php
index 213b87e6a..4114dd411 100644
--- a/vilesci/lehre/stpl_benutzer_kollision.php
+++ b/vilesci/lehre/stpl_benutzer_kollision.php
@@ -19,23 +19,19 @@
  *          Andreas Oesterreicher 	< andreas.oesterreicher@technikum-wien.at >
  *          Rudolf Hangl 		< rudolf.hangl@technikum-wien.at >
  *          Gerald Simane-Sequens 	< gerald.simane-sequens@technikum-wien.at >
- */
- 
- 
- 
+ */ 
 /*
  * Fuehrt eine Kollisionspruefung im Stundenplan auf Studentenebene durch
  */
-		require_once('../../config/vilesci.config.inc.php');
-		require_once('../../include/basis_db.class.php');
-		if (!$db = new basis_db())
-				die('Es konnte keine Verbindung zum Server aufgebaut werden.');
-			
-			
-	require_once('../../include/studiensemester.class.php');
-	require_once('../../include/functions.inc.php');
-	require_once('../../include/studiengang.class.php');
+require_once('../../config/vilesci.config.inc.php');
+require_once('../../include/basis_db.class.php');			
+require_once('../../include/studiensemester.class.php');
+require_once('../../include/functions.inc.php');
+require_once('../../include/studiengang.class.php');
+require_once('../../include/benutzerberechtigung.class.php');
 
+if (!$db = new basis_db())
+	die('Es konnte keine Verbindung zum Server aufgebaut werden.');
 
 $beginn = (isset($_GET['beginn'])?$_GET['beginn']:'');
 $ende = (isset($_GET['ende'])?$_GET['ende']:'');
@@ -43,9 +39,16 @@ $stg_kz = (isset($_GET['stg_kz'])?$_GET['stg_kz']:'');
 $dontloadcontent=false;
 
 $user = get_uid();
+
+$rechte = new benutzerberechtigung();
+$rechte->getBerechtigungen($user);
+
+if(!$rechte->isBerechtigt('lehre/lvplan'))
+	die('Sie haben keine Berechtigung für diese Seite');
+
 loadVariables($user);
 if (empty($db_stpl_table))
-	die("Bitte die Variablenwarten! db_stpl_table ist leer");
+	die("Bitte die Variablen warten! db_stpl_table ist leer");
 
 echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
 <html>
@@ -125,7 +128,7 @@ if($stg_kz=='')
 {
 	$qry = "SELECT datum, stunde, student_uid, count(student_uid) AS anzahl
 			FROM lehre.vw_".$db_stpl_table."_student_unr
-			WHERE datum>='$beginn' AND datum<='$ende'
+			WHERE datum>=".$db->db_add_param($beginn)." AND datum<=".$db->db_add_param($ende)."
 			GROUP BY datum, stunde, student_uid
 			HAVING count(student_uid)>1
 			ORDER BY datum, stunde, student_uid LIMIT 30; 
@@ -135,7 +138,7 @@ else
 {
 	$qry = "SELECT datum, stunde, student_uid, count(student_uid) AS anzahl
 			FROM lehre.vw_".$db_stpl_table."_student_unr JOIN public.tbl_student USING(student_uid)
-			WHERE datum>='$beginn' AND datum<='$ende' AND studiengang_kz='$stg_kz'
+			WHERE datum>=".$db->db_add_param($beginn)." AND datum<=".$db->db_add_param($ende)." AND studiengang_kz=".$db->db_add_param($stg_kz)."
 			GROUP BY datum, stunde, student_uid
 			HAVING count(student_uid)>1
 			ORDER BY datum, stunde, student_uid LIMIT 30; 
@@ -174,4 +177,4 @@ echo '</tbody></table>';
 if($result && $db->db_num_rows($result)>=30)
 	echo 'Info: Es werden nur die ersten 30 Eintr&auml;ge angezeigt!';
 echo '</body></html';
-?>
\ No newline at end of file
+?>
diff --git a/vilesci/lehre/stpl_benutzer_kollision_details.php b/vilesci/lehre/stpl_benutzer_kollision_details.php
index 57999e036..2a8d484fa 100644
--- a/vilesci/lehre/stpl_benutzer_kollision_details.php
+++ b/vilesci/lehre/stpl_benutzer_kollision_details.php
@@ -20,16 +20,16 @@
  *          Rudolf Hangl 		< rudolf.hangl@technikum-wien.at >
  *          Gerald Simane-Sequens 	< gerald.simane-sequens@technikum-wien.at >
  */
-
-		require_once('../../config/vilesci.config.inc.php');
-		require_once('../../include/basis_db.class.php');
-		if (!$db = new basis_db())
-				die('Es konnte keine Verbindung zum Server aufgebaut werden.');
-			
+require_once('../../config/vilesci.config.inc.php');
+require_once('../../include/basis_db.class.php');			
 require_once('../../include/studiensemester.class.php');
 require_once('../../include/functions.inc.php');
 require_once('../../include/studiengang.class.php');
 require_once('../../include/stundenplan.class.php');
+require_once('../../include/benutzerberechtigung.class.php');
+
+if (!$db = new basis_db())
+	die('Es konnte keine Verbindung zum Server aufgebaut werden.');
 
 
 $student_uid = (isset($_GET['uid'])?$_GET['uid']:'');
@@ -37,6 +37,13 @@ $datum = (isset($_GET['datum'])?$_GET['datum']:'');
 $stunde = (isset($_GET['stunde'])?$_GET['stunde']:'');
 
 $user = get_uid();
+
+$rechte = new benutzerberechtigung();
+$rechte->getBerechtigungen($user);
+
+if(!$rechte->isBerechtigt('lehre/lvplan'))
+	die('Sie haben keine Berechtigung für diese Seite');
+
 loadVariables($user);
 
 echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
@@ -84,7 +91,7 @@ if($student_uid!='')
 	echo "<h2>UNR - $db_stpl_table</h2>";
 	$qry = "SELECT datum, stunde, student_uid, unr
 			FROM  lehre.vw_".$db_stpl_table."_student_unr
-			WHERE datum='$datum' AND stunde='$stunde' AND student_uid='$student_uid'
+			WHERE datum=".$db->db_add_param($datum)." AND stunde=".$db->db_add_param($stunde)." AND student_uid=".$db->db_add_param($student_uid)."
 			ORDER BY unr LIMIT 30; 
 		   ";
 	
@@ -105,7 +112,7 @@ if($student_uid!='')
 		{
 			$gruppen='';
 			$qry = "SELECT distinct studiengang_kz, semester, verband, gruppe, gruppe_kurzbz FROM lehre.tbl_lehreinheit JOIN lehre.tbl_lehreinheitgruppe USING(lehreinheit_id) 
-			        WHERE unr='$row->unr'";
+			        WHERE unr=".$db->db_add_param($row->unr);
 			if($result_grp = $db->db_query($qry))
 			{
 				while($row_grp = $db->db_fetch_object($result_grp))
@@ -135,7 +142,7 @@ else
 	echo "<h2>Stundenplaneinträge - $db_stpl_table</h2>";
 	
 	
-	$qry = "SELECT * FROM lehre.tbl_$db_stpl_table WHERE datum='$datum' AND stunde='$stunde'";
+	$qry = "SELECT * FROM lehre.tbl_$db_stpl_table WHERE datum=".$db->db_add_param($datum)." AND stunde=".$db->db_add_param($stunde);
 	
 	echo '<table class="liste table-autosort:0 table-stripeclass:alternate table-autostripe">
 		<thead>';
@@ -183,4 +190,4 @@ else
 }
 
 echo '</body></html>';
-?>
\ No newline at end of file
+?>
diff --git a/vilesci/personen/funktion_det.php b/vilesci/personen/funktion_det.php
index 8fffd5de2..11eba248b 100644
--- a/vilesci/personen/funktion_det.php
+++ b/vilesci/personen/funktion_det.php
@@ -181,7 +181,7 @@ if (!$funktion->load($kurzbz))
 					public.tbl_benutzer, 
 					public.tbl_organisationseinheit
 				WHERE 
-					funktion_kurzbz='".addslashes($kurzbz)."' AND
+					funktion_kurzbz=".$db->db_add_param($kurzbz)." AND
 					tbl_benutzerfunktion.uid=tbl_benutzer.uid AND
 					tbl_benutzer.person_id=tbl_person.person_id AND
 					tbl_benutzerfunktion.oe_kurzbz=tbl_organisationseinheit.oe_kurzbz";
diff --git a/vilesci/personen/preinteressent_uebersicht.php b/vilesci/personen/preinteressent_uebersicht.php
index 02fb1ffbd..d9109949c 100644
--- a/vilesci/personen/preinteressent_uebersicht.php
+++ b/vilesci/personen/preinteressent_uebersicht.php
@@ -234,10 +234,10 @@ if(isset($_GET['action']))
 			$anzahl_freigegeben=0;
 			$anzahl_fehler=0;
 			$qry = "SELECT * FROM public.tbl_preinteressentstudiengang 
-					WHERE preinteressent_id='".addslashes($_GET['id'])."' 
+					WHERE preinteressent_id=".$this->db_add_param($_GET['id'])."
 						  AND prioritaet = (SELECT max(prioritaet) 
 						  					FROM public.tbl_preinteressentstudiengang 
-						  					WHERE preinteressent_id='".addslashes($_GET['id'])."')
+						  					WHERE preinteressent_id=".$this->db_add_param($_GET['id']).")
 						  AND freigabedatum is null";
 			//Zuordnungen holen die noch nicht freigegeben wurden und die hoechste Prioritaet haben
 			if($result = $db->db_query($qry))
@@ -245,7 +245,10 @@ if(isset($_GET['action']))
 				while($row = $db->db_fetch_object($result))
 				{
 					//Nur diejenigen nehmen die noch nicht als Prestudent vorhanden sind
-					$qry = "SELECT count(*) as anzahl FROM public.tbl_preinteressent JOIN public.tbl_prestudent USING(person_id) WHERE preinteressent_id='$row->preinteressent_id' AND studiengang_kz='$row->studiengang_kz'";
+					$qry = "SELECT count(*) as anzahl FROM public.tbl_preinteressent JOIN public.tbl_prestudent USING(person_id) 
+						WHERE preinteressent_id=".$db->db_add_param($row->preinteressent_id)." 
+						AND studiengang_kz=".$db->db_add_param($row->studiengang_kz);
+
 					if($result_std = $db->db_query($qry))
 					{
 						if($row_std = $db->db_fetch_object($result_std))
@@ -264,7 +267,7 @@ if(isset($_GET['action']))
 									//MAIL an Assistenz verschicken
 									$qry_person = "SELECT vorname, nachname 
 													FROM public.tbl_person JOIN public.tbl_preinteressent USING(person_id) 
-													WHERE preinteressent_id='$row->preinteressent_id'";
+													WHERE preinteressent_id=".$db->db_add_param($row->preinteressent_id);
 									$name='';
 									if($result_person = $db->db_query($qry_person))
 										if($row_person = $db->db_fetch_object($result_person))
@@ -272,7 +275,7 @@ if(isset($_GET['action']))
 									$stg_obj = new studiengang();
 									$stg_obj->load($row->studiengang_kz);
 									$to = $stg_obj->email;
-									//$to = 'oesi@technikum-wien.at';
+
 									$message = "Dies ist eine automatische Mail! $stg_obj->email\n\n".
 												"Der Preinteressent $name wurde zur Übernahme freigegeben. \nSie können diesen ".
 												"im FAS unter 'Extras->Preinteressenten übernehmen' oder unter folgendem Link\n\n".
@@ -409,7 +412,7 @@ if(!empty ($_GET))
 		
 		echo "<td>$person->geschlecht</td>";
 		//EMail
-		$qry = "SELECT kontakt FROM public.tbl_kontakt WHERE person_id='$person->person_id' AND kontakttyp='email' 
+		$qry = "SELECT kontakt FROM public.tbl_kontakt WHERE person_id=".$db->db_add_param($person->person_id)." AND kontakttyp='email' 
 				ORDER BY zustellung DESC LIMIT 1";
 		echo '<td>';
 		if($result_mail = $db->db_query($qry))
@@ -449,7 +452,10 @@ if(!empty ($_GET))
 		{
 			//auch jene als freigegeben anzeigen die schon im studiengang angelegt sind 
 			//obwohl der preinteressent nicht freigegeben wurde. (bewerbung direkt beim studiengang)
-			$qry = "SELECT prestudent_id FROM public.tbl_prestudent WHERE person_id='$row->person_id' AND studiengang_kz='$row_freigaben->studiengang_kz'";
+			$qry = "SELECT prestudent_id FROM public.tbl_prestudent 
+				WHERE person_id=".$db->db_add_param($row->person_id)." 
+				AND studiengang_kz=".$db->db_add_param($row_freigaben->studiengang_kz);
+
 			$result_chkstg = $db->db_query($qry);
 			
 			if($row_freigaben->freigabedatum!='' || ($result_chkstg &&  $db->db_num_rows($result_chkstg)>0))
@@ -486,4 +492,4 @@ if(!empty ($_GET))
 
 echo '</body>';
 echo '</html>';
-?>
\ No newline at end of file
+?>
diff --git a/vilesci/personen/student_edit.php b/vilesci/personen/student_edit.php
index 471cb130b..18b7a1c5a 100644
--- a/vilesci/personen/student_edit.php
+++ b/vilesci/personen/student_edit.php
@@ -29,14 +29,13 @@
  *                      (WM)
  */
 
-	require_once('../../config/vilesci.config.inc.php');
-
-	require_once('../../include/functions.inc.php');
-	require_once('../../include/person.class.php');
-	require_once('../../include/benutzer.class.php');
-	require_once('../../include/student.class.php');
-	require_once('../../include/studiengang.class.php');
-
+require_once('../../config/vilesci.config.inc.php');
+require_once('../../include/functions.inc.php');
+require_once('../../include/person.class.php');
+require_once('../../include/benutzer.class.php');
+require_once('../../include/student.class.php');
+require_once('../../include/studiengang.class.php');
+require_once('../../include/benutzerberechtigung.class.php');
 
 echo '
 <html>
@@ -51,6 +50,12 @@ echo '
 
 $user = get_uid();
 
+$rechte = new benutzerberechtigung();
+$rechte->getBerechtigungen($user);
+
+if(!$rechte->isBerechtigt('student/stammdaten',null, 'suid'))
+	die('Sie haben keine Berechtigung für diese Seite');
+
 echo '<h2>Student ';
 if (isset($_GET['new']))
 	echo 'Neu</h2>';
@@ -228,4 +233,4 @@ function doEDIT($id,$new=false)
 ?>
 
 </body>
-</html>
\ No newline at end of file
+</html>
diff --git a/vilesci/statistik/statistik_sql.php b/vilesci/statistik/statistik_sql.php
index fa3bc9c35..76b020d5d 100644
--- a/vilesci/statistik/statistik_sql.php
+++ b/vilesci/statistik/statistik_sql.php
@@ -20,7 +20,11 @@
  *          Karl Burkhart <karl.burkhart@technikum-wien.at>.
  */
 require_once('../../config/vilesci.config.inc.php');
+require_once('../../include/functions.inc.php');
 require_once('../../include/statistik.class.php');
+require_once('../../include/benutzerberechtigung.class.php');
+
+$uid = get_uid();
 
 if(!isset($_GET['statistik_kurzbz']))
 	die('Statistik_kurzbz Parameter fehlt');
@@ -60,6 +64,14 @@ $statistik = new statistik();
 if(!$statistik->load($statistik_kurzbz))
 	die($statistik->errormsg);
 
+if($statistik->berechtigung_kurzbz!='')
+{
+	$rechte = new benutzerberechtigung();
+	$rechte->getBerechtigungen($uid);
+	if(!$rechte->isBerechtigt($statistik->berechtigung_kurzbz))
+		die('Sie haben keine Berechtigung für diese Seite');
+}
+
 $html.= '<h2>Statistik - '.$statistik->bezeichnung.'</h2>';
 
 if ($statistik->loadData())