diff --git a/ag/auktion.php b/ag/auktion.php index a2daf94..9099788 100644 --- a/ag/auktion.php +++ b/ag/auktion.php @@ -53,6 +53,10 @@ function stelleBietenMaskeDar($userid,$auktionsid,$gebot){ } } $auktionsdaten = getEntryInformation($auktionsid); + if ($auktionsdaten === NULL) { + displayErrorMessage(NULL, 'Auktion ist nicht mehr verfügbar!!',displayHistoryBackLink()); + return; + } ?>
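Review bot: The new guard fires only on a strict `NULL`, but `getEntryInformation` is not visible here and mysqli's fetch helpers return `false` on a failed query rather than `NULL`, so a query error would still flow into the rest of `stelleBietenMaskeDar` with `$auktionsdaten` set to `false`. Unless `getEntryInformation` is known to normalise failures to `NULL`, `if ($auktionsdaten === NULL || $auktionsdaten === false) {` (or simply `if (!$auktionsdaten) {`, since an empty row array is not a valid auction) covers both cases. The same guard is added to `zieheAuktionZurueck` in the next hunk and should be changed alike. Both functions continue outside their hunks.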
@@ -329,6 +333,11 @@ function stelleAuktionsuebersichtDar($userid,$kategorie,$itemnamepart,$entries,$ function zieheAuktionZurueck($userid,$auktionsid,$pay){ $auktionsdaten = getEntryInformation($auktionsid); + if ($auktionsdaten === NULL) { + displayErrorMessage(NULL, 'Auktion ist nicht mehr verfügbar!!',displayHistoryBackLink()); + return; + } + if($pay == NULL || $pay == ''){ // Nix eigentlich!! diff --git a/ag/gm/log.php b/ag/gm/log.php index a1862d2..593ba4c 100644 --- a/ag/gm/log.php +++ b/ag/gm/log.php @@ -17,6 +17,7 @@ include_once('../path.inc.php'); // get the path ;) include_once(ROOT_PATH.'/include/config/db.inc.php'); +include_once(ROOT_PATH.'/include/sqlwrapper.inc.php'); function getChatMessages(){ $result = db_query('SELECT *, Minute(zeit) as m, Hour(zeit) as h, DAY(zeit) as d , MONTH(zeit) as mon FROM ag_chat ORDER BY ID desc'); diff --git a/ag/inclu/toplists.inc.php b/ag/inclu/toplists.inc.php index 5e52673..f379025 100644 --- a/ag/inclu/toplists.inc.php +++ b/ag/inclu/toplists.inc.php @@ -7,11 +7,16 @@ */ include_once(ROOT_PATH.'/include/config/toplists.inc.php'); + +$toplist_string = ''; +if (count($toplist) > 0 ) { + $toplist_string = join('
', $toplist); +} ?>
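Review bot: `count($toplist)` assumes the included `config/toplists.inc.php` always defines `$toplist` as an array; on PHP 8 `count()` on `null` or a scalar throws a `TypeError`, so a missing or mistyped config entry would now take the page down instead of rendering an empty list. `if (is_array($toplist) && $toplist !== []) {` keeps the new join while failing soft. Whether `$toplist_string` is later echoed raw cannot be seen in this hunk; if the entries are not already HTML-escaped in the config, escape each with `htmlspecialchars` before joining.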
diff --git a/ag/include/auktion_functions.inc.php b/ag/include/auktion_functions.inc.php index 3086e91..e3cb965 100644 --- a/ag/include/auktion_functions.inc.php +++ b/ag/include/auktion_functions.inc.php @@ -21,6 +21,8 @@ include_once(ROOT_PATH.'/include/config.inc.php'); include_once(ROOT_PATH.'/include/messagefunctions.inc.php'); include_once(ROOT_PATH.'/include/semaphore.inc.php'); +include_once(ROOT_PATH.'/include/fehlerausgabe.inc.php'); + // Funktion um das aktuelle Mindestgebot einer Auktion zu ermitteln! diff --git a/ag/include/char.inc.php b/ag/include/char.inc.php index ed3ed8b..b9c19a5 100644 --- a/ag/include/char.inc.php +++ b/ag/include/char.inc.php 
@@ -318,7 +318,7 @@ function getAttacksforChar($charid, $mode = 0) { } // First sql to include all currently learnable attacks - $sql = 'SELECT a.name, a.id, a.level, a.geld, if(find_in_set(\'0\', req_atk) = 0, a.req_atk, substr(a.req_atk, 1, locate(\',0\', a.req_atk) - 1)) as req_atk, ifnull(l.benutzt, 0) as benutzt, if(l.benutzt is null,1,0) as unknown from attacken a left join lernen l on a.id = l.at_id AND l.besitzer = '.$char['id']. ' where find_in_set('.$char_race.', a.rassen) <> 0 '.$sql_append1; + $sql = 'SELECT a.name, a.id, a.level, a.geld, if(find_in_set(\'0\', req_atk) = 0, a.req_atk, substr(a.req_atk, 1, locate(\',0\', a.req_atk) - 1)) as req_atk, ifnull(l.benutzt, 0) as benutzt, if(l.benutzt is null,1,0) as unknown from attacken a left join lernen l on a.id = l.at_id AND l.besitzer = '.$char['id']. ' where find_in_set('.$char_race.', a.rassen) <> 0 or l.benutzt is not null '.$sql_append1; // Second sql to include all currently not learnable attacks (due to an other fruit or fusion race) $sql2 = 'SELECT a.name, a.id, a.level, a.geld, if(find_in_set(\'0\', req_atk) = 0, a.req_atk, substr(a.req_atk, 1, locate(\',0\', a.req_atk) - 1)) as req_atk, ifnull(l.benutzt, 0) as benutzt, if(l.benutzt is null,1,0) as unknown from lernen l inner join attacken a on l.at_id = a.id where besitzer = '.$char['id'].' and find_in_set('.$char_race.', a.rassen) = 0 '.$sql_append2; diff --git a/ag/include/cheater.inc.php b/ag/include/cheater.inc.php index af7d6b7..7d07ef5 100644 --- a/ag/include/cheater.inc.php +++ b/ag/include/cheater.inc.php @@ -36,8 +36,8 @@ function detectNonCodeEnterers(){ while($row = mysqli_fetch_assoc($qry)){ $sql = 'Insert into bot_image_failures(userid, inserted, valid, used) values('.$row['userid'].', \'!NOTHING!\', \''.$row['compressed_phrase'].'\', \''.$row['created'].'\')'; // echo $sql.'
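Review bot: The appended `or l.benutzt is not null` is not parenthesised, so if `$sql_append1` (built outside this hunk) contributes `AND …` conditions, SQL precedence turns the WHERE into `find_in_set(...) <> 0 OR (l.benutzt IS NOT NULL AND …)` and the appended filters no longer apply to the race-matched attacks. Writing `where (find_in_set('.$char_race.', a.rassen) <> 0 or l.benutzt is not null) '.$sql_append1` keeps the original scoping. Note also that learned attacks of a non-matching race now satisfy the first query as well as `$sql2`, so if the two result sets are merged further down they may contain duplicates. `getAttacksforChar` begins and ends outside the hunk.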
'; - db_query($sql); + silent_query($sql); } } -?> \ No newline at end of file +?> diff --git a/ag/include/erstellfunctions.inc.php b/ag/include/erstellfunctions.inc.php index c592bda..83ddfd5 100644 --- a/ag/include/erstellfunctions.inc.php +++ b/ag/include/erstellfunctions.inc.php @@ -107,7 +107,7 @@ function erstelleChar($user, $rassen_id, $newname = '', $picture = '', $lvl = 1, '\'0,'.calculateRequiredExpChars($lvl).'\'' . ')'; //echo $sql.'
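Review bot: Switching to `silent_query` drops whatever error reporting `db_query` provided, and the result of the INSERT into `bot_image_failures` is never inspected, so a failed write of a detection record now leaves no trace at all. In `erstelleChar` (next hunk) the same switch is paired with a `== FALSE` check; do the same here, e.g. `if (silent_query($sql) === false) { /* log the failed insert */ }`, so gaps in the cheater log are at least visible. `detectNonCodeEnterers` starts outside the hunk.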
'; - $identifier = db_query($sql); + $identifier = silent_query($sql); if($identifier == FALSE){ if(mysqli_fetch_assoc(db_query('Select id from chars where name = \''.$newname.'\''))){ displayErrorMessage(NULL,'Name schon vorhanden!!',displayHistoryBackLink()); diff --git a/ag/include/parse.inc.php b/ag/include/parse.inc.php index 8074523..3a765ef 100644 --- a/ag/include/parse.inc.php +++ b/ag/include/parse.inc.php @@ -306,6 +306,8 @@ function validateStringCritical($value) { if($value == null) { return null; } + if(preg_match('#[\\\'"()\]\[\s]#', $value)) + return ''; $value = validateString($value); return preg_replace('#[()\]\[\s]#', '', $value); } diff --git a/ag/index.php b/ag/index.php index 6c0d358..c28bce5 100644 --- a/ag/index.php +++ b/ag/index.php @@ -83,6 +83,9 @@ if (top != self)
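Review bot: The fallback after `silent_query` returns `FALSE` treats every failed INSERT as a duplicate name, and the lookup that confirms it concatenates `$newname` straight into the SQL; `$newname` is a parameter of `erstelleChar`, so the escaping must happen here or be guaranteed by every caller. Escape it with the driver's escape function (or bind it) before the `Select id from chars where name = …` query, and consider reporting a generic error when that lookup finds nothing, since the INSERT then failed for a reason the silent call no longer surfaces. `erstelleChar` begins and ends outside the hunk.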
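Review bot: The new early return makes the trailing `preg_replace('#[()\]\[\s]#', '', $value)` dead code — every value containing `()[]` or whitespace is already rejected with `''` — and it still leaves `validateStringCritical` a deny-list: a backslash is not in the class (in the single-quoted pattern `\\\'` collapses to an escaped quote only), nor are backticks, semicolons or comment sequences, all of which matter when callers use the result as an SQL identifier (table name in `last_fight2.php`, sort parameters in `markt.php`). Since the result only ever names tables or columns, an allow-list is the robust check: `if (!preg_match('#^[A-Za-z0-9_]+$#', $value)) return '';` followed by `return $value;`. The existing `$value == null` test is a loose comparison that also matches `''`, `0` and `false`; `$value === null` would be the precise form.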
+
+ +
diff --git a/ag/last_fight2.php b/ag/last_fight2.php index 060e0f3..41c48e3 100644 --- a/ag/last_fight2.php +++ b/ag/last_fight2.php @@ -14,7 +14,7 @@ include_once(ROOT_PATH.'/include/parse.inc.php'); // GET-Section // Kritisch (SQL-Injections) -$spleoic = validateString($_GET['spleoic']); +$spleoic = validateStringCritical($_GET['spleoic']); $kampf_id = validateUnsignedInteger($_GET['kampf_id'], null); $art = validateString($_GET['art']); @@ -24,9 +24,9 @@ $art = validateString($_GET['art']); if(!$spleoic) { $spleoic = "top_kampf"; } else { echo "

$back
 
"; -$kampf2 = mysqli_fetch_array(db_query("SELECT id FROM $spleoic ORDER BY id ASC LIMIT 1")); -$kampf1 = mysqli_fetch_array(db_query("SELECT * FROM $spleoic WHERE id='$kampf_id' LIMIT 1")); -$turnier_uids = mysqli_fetch_array(db_query("SELECT id FROM $spleoic WHERE art='$art' ORDER BY id ASC")); +$kampf2 = mysqli_fetch_array(db_query("SELECT id FROM `$spleoic` ORDER BY id ASC LIMIT 1")); +$kampf1 = mysqli_fetch_array(db_query("SELECT * FROM `$spleoic` WHERE id='$kampf_id' LIMIT 1")); +$turnier_uids = mysqli_fetch_array(db_query("SELECT id FROM `$spleoic` WHERE art='$art' ORDER BY id ASC")); diff --git a/ag/markt.php b/ag/markt.php index eed78fa..1445c8f 100644 --- a/ag/markt.php +++ b/ag/markt.php @@ -43,6 +43,13 @@ $oder = validateStringCritical($_GET['oder']); $ords = validateStringCritical($_GET['ords']); $charm = validateString($_GET['charm']); +if( strlen($ords) > 10 ) { + unset($ords); +} +if( strlen($oder) > 10 ) { + unset($oder); +} + // Unkritisch $as = $_GET['as']; diff --git a/ag/nachricht.php b/ag/nachricht.php index bf4f94c..bfecf77 100644 --- a/ag/nachricht.php +++ b/ag/nachricht.php @@ -133,11 +133,13 @@ function displayMessage($userid,$nr){//if($charm == 3) { function deleteMessage($userid,$nachrichten){ - if(isset($nachrichten)){ + if(isset($nachrichten) && count($nachrichten) > 0 ){ $weiter_an = 'weiter...'; // echo implode(',', $nachrichten); db_query('DELETE FROM nachricht WHERE besitzer='.$userid.' AND id IN ('.implode(',',$nachrichten).')'); displayErrorMessage('Änderungen übernommen','Nachrichten Erfolgreich gelöscht',$weiter_an); + } else if(isset($nachrichten) && count($nachrichten) == 0) { + displayErrorMessage(NULL, 'Nachrichten konnten nicht gelöscht werden, da keine ausgewählt wurden.',displayHistoryBackLink()); } else{ displayErrorMessage(NULL, 'Nachrichten konnten nicht gelöscht werden',displayHistoryBackLink()); } diff --git a/ag/turnier.php b/ag/turnier.php index 5d78462..7eaa43c 100644 --- a/ag/turnier.php +++ b/ag/turnier.php 
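Review bot: Backtick-quoting `$spleoic` on the three new lines only helps if the value cannot itself contain a backtick, and `validateStringCritical` (changed in `parse.inc.php` in this same commit) does not reject one; since `$spleoic` names a table and the code already falls back to the fixed `top_kampf`, an allow-list is the sound check: `if (!in_array($spleoic, ['top_kampf', /* other fight tables */], true)) { $spleoic = 'top_kampf'; }` before any query. The same new lines also interpolate `$art`, which is only passed through `validateString` a few lines earlier and lands in `WHERE art='$art'`; validate it against the known tournament kinds or escape it with the driver. `$kampf_id` is already an unsigned integer and is fine.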
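Review bot: `unset($ords)` / `unset($oder)` leaves the variables undefined, so every later read emits an "Undefined variable" warning and evaluates to `null`; assigning `$ords = '';` (or `null`) expresses the intent without the warnings. A length cap of 10 also says nothing about the content, and both values appear to drive sorting; comparing them against the fixed set of sortable column names and the two sort directions, e.g. `if (!in_array($ords, ['asc', 'desc'], true)) { $ords = ''; }` if `$ords` is the direction, is the check that actually protects the ORDER BY. Which columns are legitimate cannot be seen in this hunk.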
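Review bot: `count($nachrichten)` now runs on anything that is set, and on PHP 8 `count()` throws a `TypeError` for a non-array, so a request that sends `nachrichten` as a plain string turns `deleteMessage` into a fatal error instead of the new "keine ausgewählt" message; use `is_array($nachrichten) && $nachrichten !== []` for the first branch and `is_array($nachrichten)` in the `else if`. The ids are still concatenated into the `IN (…)` via `implode` as given; if `$nachrichten` comes from the request, `implode(',', array_map('intval', $nachrichten))` keeps the list numeric at no cost. Where `$nachrichten` originates is outside the hunk.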
@@ -25,7 +25,7 @@ $charm = $_GET['charm']; function anmelden($user, $charid, $art){ // Security - if($art != 'klein' && $art != 'wochen'){ + if($art != 'klein' && $art != 'wochen' && $art != 'wochenst'){ displayErrorMessage(NULL,'Es ist ein Fehler beim Anmelden aufgetreten!!','weiter...'); return; } diff --git a/ag/turnier_auswahl.php b/ag/turnier_auswahl.php index 16e8032..edd0958 100644 --- a/ag/turnier_auswahl.php +++ b/ag/turnier_auswahl.php @@ -27,14 +27,14 @@   - + - + @@ -47,7 +47,7 @@   - +
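Review bot: The growing `!=` chain in `anmelden` is easier to maintain as an allow-list lookup: `if (!in_array($art, ['klein', 'wochen', 'wochenst'], true)) {`, which also replaces the loose `!=` with a strict comparison. Whether `'wochenst'` is handled by the tournament code further down cannot be seen here; if `$art` selects a table or branch elsewhere, that code should draw from the same list so the two cannot drift apart. `anmelden` continues past the hunk.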