99 ochrana proti injecton útoku

2024-09-26 09:08:30 +02:00 · 2024-09-26 09:08:30 +02:00 · 0ab7f4a47f
commit 0ab7f4a47f
parent f32240acaf
1 changed files with 13 additions and 14 deletions
--- a/www2databaze/pridat-zaka.php
+++ b/www2databaze/pridat-zaka.php
@ -7,21 +7,20 @@ if ($_SERVER ["REQUEST_METHOD"] === "POST") {
    require "assets/database.php";

    $sgl = "INSERT INTO student (first_name, second_name, age, life, college)
-VALUES ('" . $_POST["first_name"] . "','"
-        . $_POST["second_name"] . "','"
-        . $_POST["age"] . "','"
-        . $_POST["life"] . "','"
-        . $_POST["college"] . "')";
-//    var_dump($sgl);
-//    exit;
-    $result = mysqli_query($connection, $sgl);
+        VALUES (?, ?, ?, ?, ?)";
+$statement = mysqli_prepare($connection, $sgl);

-    if ($result === false) {
-        echo  mysqli_error($connection);
-    } else {
-        $id = mysqli_insert_id($connection);
-        echo "Úspěšně vložen žák s ID: $id";
-    }
+mysqli_stmt_bind_param($statement, "ssiss", $_POST["first_name"], $_POST["second_name"], $_POST["age"], $_POST["life"], $_POST["college"]);
+mysqli_stmt_execute($statement);
+
+//    $result = mysqli_query($connection, $sgl);
+//
+//    if ($result === false) {
+//        echo mysqli_error($connection);
+//    } else {
+//        $id = mysqli_insert_id($connection);
+//        echo "Úspěšně vložen žák s ID: $id";
+//    }
 }
 ?>
 <!DOCTYPE html>