99 ochrana proti injecton útoku

www2databaze/pridat-zaka.php

@@ -2,25 +2,28 @@
 
 
 global $connection;
+
 if ($_SERVER ["REQUEST_METHOD"] === "POST") {
 
     require "assets/database.php";
 
     $sgl = "INSERT INTO student (first_name, second_name, age, life, college)
         VALUES (?, ?, ?, ?, ?)";
+
     $statement = mysqli_prepare($connection, $sgl);
 
+    if ($statement === false) {
+        echo mysqli_error($connection);
+    } else {
         mysqli_stmt_bind_param($statement, "ssiss", $_POST["first_name"], $_POST["second_name"], $_POST["age"], $_POST["life"], $_POST["college"]);
-mysqli_stmt_execute($statement);
 
-//    $result = mysqli_query($connection, $sgl);
-//
-//    if ($result === false) {
-//        echo mysqli_error($connection);
-//    } else {
-//        $id = mysqli_insert_id($connection);
-//        echo "Úspěšně vložen žák s ID: $id";
-//    }
+        if (mysqli_stmt_execute($statement)) {
+            $id = mysqli_insert_id($connection);
+            echo "Úspěšně vložen žák s ID: $id";
+        } else {
+            echo mysgli_stmt_error($statement);
+        }
+    }
 }
 ?>
 <!DOCTYPE html>