2024-09-25 15:40:03 +00:00
|
|
|
<?php
|
|
|
|
|
2024-10-01 15:57:35 +00:00
|
|
|
/** XSS - cross-site scripting (ochrana proti spuštění scriptu)
|
|
|
|
* konvertuje speciální znaky na HTML
|
|
|
|
* vložit ho do HTML jako < ?= htmlspecialchars($first_name);?> do values, p či h1 atd.
|
|
|
|
* Notno ošetřit kde pomocí php zobrazuji data
|
|
|
|
*
|
|
|
|
*/
|
2024-09-25 15:40:03 +00:00
|
|
|
|
|
|
|
global $connection;
|
2024-09-30 15:49:39 +00:00
|
|
|
require "assets/database.php";
|
2024-09-26 11:16:27 +00:00
|
|
|
|
2024-10-01 15:57:35 +00:00
|
|
|
/**....proměnné pro zapamatování hodnot formuláře.... */
|
|
|
|
$first_name = null;
|
|
|
|
$second_name = null;
|
|
|
|
$age = null;
|
|
|
|
$life = null;
|
|
|
|
$college = null;
|
|
|
|
|
2024-09-25 15:40:03 +00:00
|
|
|
|
2024-09-30 15:49:39 +00:00
|
|
|
if ($_SERVER ["REQUEST_METHOD"] === "POST") {
|
2024-09-25 15:40:03 +00:00
|
|
|
|
2024-10-01 15:57:35 +00:00
|
|
|
/**....nastavení proměnných formuláře co si má pamatovat ( html část Value.... */
|
|
|
|
$first_name = $_POST["first_name"];
|
|
|
|
$second_name = $_POST["second_name"];
|
|
|
|
$age = $_POST["age"];
|
|
|
|
$life = $_POST["life"];
|
|
|
|
$college = $_POST["college"];
|
|
|
|
|
|
|
|
/**....vytvoření SQL dotazu pro vložení nového žáka + ochrana proti SQL injection.... */
|
2024-09-25 15:40:03 +00:00
|
|
|
$sgl = "INSERT INTO student (first_name, second_name, age, life, college)
|
2024-09-26 07:08:30 +00:00
|
|
|
VALUES (?, ?, ?, ?, ?)";
|
2024-09-26 11:16:27 +00:00
|
|
|
|
2024-09-30 15:49:39 +00:00
|
|
|
$connection = connectionDB();
|
|
|
|
|
|
|
|
|
2024-09-26 11:16:27 +00:00
|
|
|
$statement = mysqli_prepare($connection, $sgl);
|
|
|
|
|
|
|
|
if ($statement === false) {
|
|
|
|
echo mysqli_error($connection);
|
|
|
|
} else {
|
2024-10-01 15:57:35 +00:00
|
|
|
/**..ochrana SQL injecton pomocí types (jako integer či string..*/
|
2024-09-26 11:16:27 +00:00
|
|
|
mysqli_stmt_bind_param($statement, "ssiss", $_POST["first_name"], $_POST["second_name"], $_POST["age"], $_POST["life"], $_POST["college"]);
|
2024-10-01 15:57:35 +00:00
|
|
|
|
|
|
|
/**.. provedení SQL dotazu pro vložení žáka..*/
|
2024-09-26 11:16:27 +00:00
|
|
|
if (mysqli_stmt_execute($statement)) {
|
|
|
|
$id = mysqli_insert_id($connection);
|
2024-10-01 15:57:35 +00:00
|
|
|
// echo "Úspěšně vložen žák s ID: $id";
|
|
|
|
/**..Máš povolený https server? Pokud máš HTTPS nastavený a není vypnutý nastav header na HTTPS (!= nesmí být vypnutý)
|
|
|
|
* else jinak nastav http:// na headeru
|
|
|
|
* */
|
|
|
|
if (isset($_SERVER["HTTPS"]) and $_SERVER["HTTPS"] != "off") {
|
|
|
|
$url_protocol = "https";
|
|
|
|
} else {
|
|
|
|
$url_protocol = "http";
|
|
|
|
}
|
|
|
|
|
|
|
|
// localhost = $_SERVER["HTTP_HOST"];
|
|
|
|
|
|
|
|
/**..po úspěšném vložení žáka přesměrujeme na stránku onoho žáka (relativní cesta) apsolutní by byla https://... ..*/
|
|
|
|
// header("location: jeden-zak.php?id=$id");
|
|
|
|
|
|
|
|
/**.. varianta apsolutní adresy kdy na webu nahradím localhost už jen adresou */
|
|
|
|
header("location: $url_protocol://" . $_SERVER["HTTP_HOST"] . "/PHP_DS_Project/www2databaze/jeden-zak.php?id=$id");
|
2024-09-26 11:16:27 +00:00
|
|
|
} else {
|
|
|
|
echo mysgli_stmt_error($statement);
|
|
|
|
}
|
|
|
|
}
|
2024-09-25 15:40:03 +00:00
|
|
|
}
|
|
|
|
?>
|
|
|
|
<!DOCTYPE html>
|
|
|
|
<html lang="cs">
|
|
|
|
<head>
|
|
|
|
<meta charset="UTF-8">
|
|
|
|
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
|
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
|
|
<title>Document</title>
|
|
|
|
</head>
|
|
|
|
<body>
|
|
|
|
<?php require "assets/header.php" ?>
|
|
|
|
|
|
|
|
<main>
|
|
|
|
<section class="add-form">
|
2024-10-09 15:45:43 +00:00
|
|
|
<?php require "assets/formular-zak.php"; ?>
|
2024-09-25 15:40:03 +00:00
|
|
|
|
|
|
|
</section>
|
|
|
|
|
|
|
|
</main>
|
|
|
|
|
|
|
|
|
|
|
|
<?php require "assets/footer.php" ?>
|
|
|
|
|
|
|
|
</body>
|
|
|
|
</html>
|