From 6f18eb5bfbd2bd5feb3305072ca6fd100a9baa7f Mon Sep 17 00:00:00 2001
From: kankys
Date: Thu, 26 Sep 2024 13:16:27 +0200
Subject: [PATCH] =?UTF-8?q?99=20ochrana=20proti=20injecton=20=C3=BAtoku?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 www2databaze/pridat-zaka.php | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/www2databaze/pridat-zaka.php b/www2databaze/pridat-zaka.php
index 3a12b88..908cde0 100644
--- a/www2databaze/pridat-zaka.php
+++ b/www2databaze/pridat-zaka.php
@@ -2,25 +2,28 @@
 global $connection;
+
 if ($_SERVER ["REQUEST_METHOD"] === "POST") {
 require "assets/database.php";
 $sgl = "INSERT INTO student (first_name, second_name, age, life, college) VALUES (?, ?, ?, ?, ?)";
-$statement = mysqli_prepare($connection, $sgl);
-mysqli_stmt_bind_param($statement, "ssiss", $_POST["first_name"], $_POST["second_name"], $_POST["age"], $_POST["life"], $_POST["college"]);
-mysqli_stmt_execute($statement);
+ $statement = mysqli_prepare($connection, $sgl);
-// $result = mysqli_query($connection, $sgl);
-//
-// if ($result === false) {
-// echo mysqli_error($connection);
-// } else {
-// $id = mysqli_insert_id($connection);
-// echo "Úspěšně vložen žák s ID: $id";
-// }
+ if ($statement === false) {
+ echo mysqli_error($connection);
+ } else {
+ mysqli_stmt_bind_param($statement, "ssiss", $_POST["first_name"], $_POST["second_name"], $_POST["age"], $_POST["life"], $_POST["college"]);
+
+ if (mysqli_stmt_execute($statement)) {
+ $id = mysqli_insert_id($connection);
+ echo "Úspěšně vložen žák s ID: $id";
+ } else {
+ echo mysgli_stmt_error($statement);
+ }
+ }
 }
 ?>
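Review bot: The execute-failure branch calls `mysgli_stmt_error($statement)`, a misspelling of `mysqli_stmt_error`, so a failed INSERT ends in a fatal "Call to undefined function" error instead of the intended message; the line should read `echo mysqli_stmt_error($statement);`. Both error branches also echo the raw driver message to the browser, which exposes table and column names to whoever submits the form; prefer `error_log(mysqli_stmt_error($statement));` followed by a generic message for the user. The prepared statement closes the injection path, but the `$_POST` values are still bound without any presence or range check (for example `age` bound as `i`), so validating them before `mysqli_stmt_bind_param` would be worth adding.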