sql inject for add listitem
This commit is contained in:
parent
eacd172218
commit
8515304423
1 changed files with 4 additions and 10 deletions
|
@ -30,23 +30,17 @@
|
||||||
include $_SESSION["docroot"].'/config/config.php';
|
include $_SESSION["docroot"].'/config/config.php';
|
||||||
include $_SESSION["docroot"].'/php/connect.php';
|
include $_SESSION["docroot"].'/php/connect.php';
|
||||||
if(!is_int($einheit)){
|
if(!is_int($einheit)){
|
||||||
$unit_query = "SELECT * FROM `Einheit` WHERE `Name` = \"$einheit\"";
|
$unit_query = $mysqli->prepare("SELECT * FROM `Einheit` WHERE `Name` = ?");
|
||||||
// $unit_query = $mysqli->prepare("SELECT * FROM `Einheit` WHERE `Name` = :einheit");
|
$unit_query->bind_param("s", $einheit);
|
||||||
// $unit_query->bind_param(":einheit", $einheit);
|
$unit_query->execute();
|
||||||
$result = $mysqli->query($unit_query);
|
$result = $unit_query->get_result();
|
||||||
while($row = $result->fetch_assoc()){
|
while($row = $result->fetch_assoc()){
|
||||||
$einheit = $row["ID"];
|
$einheit = $row["ID"];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// $insertQuery = "INSERT INTO `Einkauf` (`Anzahl`, `Einheit`, `Name`, `Erledigt`) VALUES (".$anzahl.", ".$einheit.", '".$name."', 0)";
|
|
||||||
$insertQuery = $mysqli->prepare("INSERT INTO `Einkauf` (`Anzahl`, `Einheit`, `Name`, `Erledigt`) VALUES (?, ?, ?, 0)");
|
$insertQuery = $mysqli->prepare("INSERT INTO `Einkauf` (`Anzahl`, `Einheit`, `Name`, `Erledigt`) VALUES (?, ?, ?, 0)");
|
||||||
$insertQuery->bind_param("sss", $anzahl, $einheit, $name);
|
$insertQuery->bind_param("sss", $anzahl, $einheit, $name);
|
||||||
$result = $insertQuery->execute();
|
$result = $insertQuery->execute();
|
||||||
var_dump($result);
|
|
||||||
// $insertQuery->bind_param(":einheit", $einheit);
|
|
||||||
// $insertQuery->bind_param(":itemname", $name);
|
|
||||||
// $insertQuery->execute();
|
|
||||||
// $mysqli->query($insertQuery);
|
|
||||||
$mysqli->close();
|
$mysqli->close();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
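Review bot: When the `Einheit` lookup matches no row, the `while` loop never executes and `$einheit` is bound into the INSERT as the raw incoming string, so the injection is closed but an unknown unit name still reaches the `Einheit` column unvalidated; after `$result = $unit_query->get_result();` add `if ($result->num_rows === 0) { $mysqli->close(); return false; }` (or whatever failure path the caller expects). `$mysqli->prepare()` returns `false` on a SQL error and neither call site checks it, so `bind_param` would then be called on a non-object; a `if ($unit_query === false) { $mysqli->close(); return false; }` guard after each `prepare()` is cheap insurance. Note also that `is_int($einheit)` is only true for a genuine PHP integer, so if `$einheit` arrives from request data as the string `"3"` the lookup by `Name` runs instead of the direct path; I cannot see where it is set, so confirm the caller's type, and likewise whether binding `$anzahl` as `"s"` matches the `Anzahl` column's type. `get_result()` also requires the mysqlnd driver, which the deployment presumably has since the INSERT path already relied on it. The enclosing function opens before this hunk.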