Prepare SQL to prevent SQL injection attacks.
parent
8e6b85588b
commit
6fb915786d
|
@ -1,6 +1,6 @@
|
|||
<?php
|
||||
echo file_get_contents("ddd_source.html");
|
||||
include('config.php');
|
||||
include('/var/config/mysqlconnect.php');
|
||||
|
||||
$b64 = $_POST["gamePass"];
|
||||
$decode = base64_decode($b64, true);
|
||||
|
@ -18,16 +18,19 @@ $bossNames = implode(", ", $bosses);
|
|||
echo $name . "<br>" . $score . "<br>" . $mode . "<br>";
|
||||
echo "Bosses: " . $bossNames . "<br>";
|
||||
|
||||
// Insert the data into the database
|
||||
$sql = "INSERT INTO ddd_db.scores (Name, Score, Mode, Bosses) VALUES ('$name', $score, '$mode', '$bossNames')";
|
||||
// Prepare an SQL statement
|
||||
$stmt = $conn->prepare("INSERT INTO ddd_db.scores (Name, Score, Mode, Bosses) VALUES (?, ?, ?, ?)");
|
||||
$stmt->bind_param("siss", $name, $score, $mode, $bossNames);
|
||||
|
||||
if (mysqli_query($conn, $sql)) {
|
||||
// Execute the statement
|
||||
if ($stmt->execute()) {
|
||||
echo "New record created successfully";
|
||||
} else {
|
||||
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
|
||||
echo "Error: " . $stmt->error;
|
||||
}
|
||||
|
||||
mysqli_close($conn);
|
||||
$stmt->close();
|
||||
$conn->close();
|
||||
?>
|
||||
<br>
|
||||
<a class='ddd' href='/ddd_index.php'>Back</a>
|
||||
|
|
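Review bot: In the second hunk the result of `$conn->prepare(...)` is used without a check, so when prepare fails and mysqli is not in exception mode it returns `false` and the following `$stmt->bind_param(...)` call is a fatal error; guard it with `if ($stmt === false) { error_log($conn->error); exit; }`, or call `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` before the connection is opened (that happens in an included file not shown here). The failure branch still sends `$stmt->error` to the browser, which can disclose table and column details; write it to the server log with `error_log($stmt->error);` and print a generic message instead. The context lines above the insert echo `$name`, `$mode` and `$bossNames` into HTML unescaped; their derivation is outside the visible hunks, but if they come from the decoded `gamePass` POST value they should be passed through `htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` before output, since the prepared statement only protects the database side.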