diff --git a/www2databaze/pridat-zaka.php b/www2databaze/pridat-zaka.php
index 92ef70b..3a12b88 100644
--- a/www2databaze/pridat-zaka.php
+++ b/www2databaze/pridat-zaka.php
@@ -7,21 +7,20 @@ if ($_SERVER ["REQUEST_METHOD"] === "POST") {
 require "assets/database.php";
 $sgl = "INSERT INTO student (first_name, second_name, age, life, college)
-VALUES ('" . $_POST["first_name"] . "','"
- . $_POST["second_name"] . "','"
- . $_POST["age"] . "','"
- . $_POST["life"] . "','"
- . $_POST["college"] . "')";
-// var_dump($sgl);
-// exit;
- $result = mysqli_query($connection, $sgl);
+ VALUES (?, ?, ?, ?, ?)";
+$statement = mysqli_prepare($connection, $sgl);
- if ($result === false) {
- echo mysqli_error($connection);
- } else {
- $id = mysqli_insert_id($connection);
- echo "Úspěšně vložen žák s ID: $id";
- }
+mysqli_stmt_bind_param($statement, "ssiss", $_POST["first_name"], $_POST["second_name"], $_POST["age"], $_POST["life"], $_POST["college"]);
+mysqli_stmt_execute($statement);
+
+// $result = mysqli_query($connection, $sgl);
+//
+// if ($result === false) {
+// echo mysqli_error($connection);
+// } else {
+// $id = mysqli_insert_id($connection);
+// echo "Úspěšně vložen žák s ID: $id";
+// }
 }
 ?>
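Review bot: The return values of `mysqli_prepare()` and `mysqli_stmt_execute()` are never checked, and the old success/error branch is left as commented-out code at the end of the hunk. A failed insert is therefore silent, or surfaces as an uncaught exception if `assets/database.php` enables mysqli exception reporting, which is not visible here. The branch should be ported to the statement API rather than commented out, with the driver error written to the server log instead of echoed, since the removed `echo mysqli_error($connection)` could show database details to the client. Separately, the `"i"` binding silently casts a non-numeric `$_POST["age"]` to 0 and a missing field appears to be bound as NULL, so the five fields should be validated before binding. The enclosing `if` block starts outside the hunk.

```php
$statement = mysqli_prepare($connection, $sgl);

if ($statement === false) {
    // Keep driver detail in the server log; show the client a generic message.
    error_log("pridat-zaka: prepare failed: " . mysqli_error($connection));
    echo "Žáka se nepodařilo uložit.";
} else {
    // … unchanged: mysqli_stmt_bind_param() call …
    if (mysqli_stmt_execute($statement)) {
        $id = mysqli_insert_id($connection);
        echo "Úspěšně vložen žák s ID: $id";
    } else {
        error_log("pridat-zaka: execute failed: " . mysqli_stmt_error($statement));
        echo "Žáka se nepodařilo uložit.";
    }
    mysqli_stmt_close($statement);
}
```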