From 0ab7f4a47f7d2877d5e05d73000e50dcef101084 Mon Sep 17 00:00:00 2001
From: kankys
Date: Thu, 26 Sep 2024 09:08:30 +0200
Subject: [PATCH] =?UTF-8?q?99=20ochrana=20proti=20injecton=20=C3=BAtoku?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 www2databaze/pridat-zaka.php | 27 +++++++++++++--------------
 1 file changed, 13 insertions(+), 14 deletions(-)

diff --git a/www2databaze/pridat-zaka.php b/www2databaze/pridat-zaka.php
index 92ef70b..3a12b88 100644
--- a/www2databaze/pridat-zaka.php
+++ b/www2databaze/pridat-zaka.php
@@ -7,21 +7,20 @@ if ($_SERVER ["REQUEST_METHOD"] === "POST") {
 require "assets/database.php";
 $sgl = "INSERT INTO student (first_name, second_name, age, life, college)
-VALUES ('" . $_POST["first_name"] . "','"
- . $_POST["second_name"] . "','"
- . $_POST["age"] . "','"
- . $_POST["life"] . "','"
- . $_POST["college"] . "')";
-// var_dump($sgl);
-// exit;
- $result = mysqli_query($connection, $sgl);
+ VALUES (?, ?, ?, ?, ?)";
+$statement = mysqli_prepare($connection, $sgl);
- if ($result === false) {
- echo mysqli_error($connection);
- } else {
- $id = mysqli_insert_id($connection);
- echo "Úspěšně vložen žák s ID: $id";
- }
+mysqli_stmt_bind_param($statement, "ssiss", $_POST["first_name"], $_POST["second_name"], $_POST["age"], $_POST["life"], $_POST["college"]);
+mysqli_stmt_execute($statement);
+
+// $result = mysqli_query($connection, $sgl);
+//
+// if ($result === false) {
+// echo mysqli_error($connection);
+// } else {
+// $id = mysqli_insert_id($connection);
+// echo "Úspěšně vložen žák s ID: $id";
+// }
 }
 ?>
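Review bot: Neither `mysqli_prepare` nor `mysqli_stmt_execute` has its return value checked on the new side, so a failed prepare leaves `$statement === false` and the following `mysqli_stmt_bind_param` call throws a TypeError on PHP 8, while a failed execute is silently ignored and the user gets no response either way — the old `mysqli_error`/`mysqli_insert_id` reporting was commented out rather than carried over. Unless `assets/database.php` enables `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT)` (not visible here), I would check both results, log the driver error server-side instead of echoing it to the browser as the old code did, restore the success message, and delete the commented-out copy of the old block; the rewritten tail is below. Independently, the `"ssiss"` binding coerces a non-numeric `$_POST["age"]` to 0 and a missing key emits an "Undefined array key" warning, so validate the five fields before binding (e.g. `$age = filter_input(INPUT_POST, 'age', FILTER_VALIDATE_INT);` and reject `false`/`null`). The opening `if ($_SERVER["REQUEST_METHOD"] === "POST")` line appears only on the `@@` header line, so the enclosing block begins just outside the hunk's changed lines.
```php
$statement = mysqli_prepare($connection, $sgl);
if ($statement === false) {
    error_log('pridat-zaka: prepare failed: ' . mysqli_error($connection));
    http_response_code(500);
    exit('Vložení se nezdařilo.');
}
mysqli_stmt_bind_param($statement, "ssiss", $_POST["first_name"], $_POST["second_name"], $_POST["age"], $_POST["life"], $_POST["college"]);
if (!mysqli_stmt_execute($statement)) {
    error_log('pridat-zaka: execute failed: ' . mysqli_stmt_error($statement));
    http_response_code(500);
    exit('Vložení se nezdařilo.');
}
$id = mysqli_insert_id($connection);
echo "Úspěšně vložen žák s ID: $id";
// … commented-out legacy mysqli_query block removed …
```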