Prepare SQL to prevent SQL injection attacks.
parent
8e6b85588b
commit
6fb915786d
|
@ -1,6 +1,6 @@
|
||||||
<?php
|
<?php
|
||||||
echo file_get_contents("ddd_source.html");
|
echo file_get_contents("ddd_source.html");
|
||||||
include('config.php');
|
include('/var/config/mysqlconnect.php');
|
||||||
|
|
||||||
$b64 = $_POST["gamePass"];
|
$b64 = $_POST["gamePass"];
|
||||||
$decode = base64_decode($b64, true);
|
$decode = base64_decode($b64, true);
|
||||||
|
@ -18,16 +18,19 @@ $bossNames = implode(", ", $bosses);
|
||||||
echo $name . "<br>" . $score . "<br>" . $mode . "<br>";
|
echo $name . "<br>" . $score . "<br>" . $mode . "<br>";
|
||||||
echo "Bosses: " . $bossNames . "<br>";
|
echo "Bosses: " . $bossNames . "<br>";
|
||||||
|
|
||||||
// Insert the data into the database
|
// Prepare an SQL statement
|
||||||
$sql = "INSERT INTO ddd_db.scores (Name, Score, Mode, Bosses) VALUES ('$name', $score, '$mode', '$bossNames')";
|
$stmt = $conn->prepare("INSERT INTO ddd_db.scores (Name, Score, Mode, Bosses) VALUES (?, ?, ?, ?)");
|
||||||
|
$stmt->bind_param("siss", $name, $score, $mode, $bossNames);
|
||||||
|
|
||||||
if (mysqli_query($conn, $sql)) {
|
// Execute the statement
|
||||||
|
if ($stmt->execute()) {
|
||||||
echo "New record created successfully";
|
echo "New record created successfully";
|
||||||
} else {
|
} else {
|
||||||
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
|
echo "Error: " . $stmt->error;
|
||||||
}
|
}
|
||||||
|
|
||||||
mysqli_close($conn);
|
$stmt->close();
|
||||||
|
$conn->close();
|
||||||
?>
|
?>
|
||||||
<br>
|
<br>
|
||||||
<a class='ddd' href='/ddd_index.php'>Back</a>
|
<a class='ddd' href='/ddd_index.php'>Back</a>
|
||||||
|
|
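Review bot: The two `echo` lines at the top of the second hunk still write `$name`, `$score`, `$mode` and `$bossNames` into the HTML response unescaped, so the parameterised INSERT closes the SQL path but leaves an HTML-injection path open. These values appear to come from the decoded `$_POST["gamePass"]`; the parsing sits between the two hunks and is not visible here, so confirm that. Escape each value at output, e.g. `echo htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br>";`. Separately, the result of `$conn->prepare()` is passed straight to `bind_param()` without an `if ($stmt === false)` check, which fails hard if mysqli is not in exception mode. Also, `echo "Error: " . $stmt->error;` returns database error text to the client; prefer `error_log($stmt->error);` plus a generic failure message.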