pahingi po ng idea sa dalawang code na to kung pano maprevent ang sql injection..
1st code:
if (isset($_POST['post'])) {
$page_content = $_POST['post_content']; //get the input text
$pagecontent = $_POST['postcontent']; //get the input title
$date_created = strtotime(date("Y-m-d h:i:sa")); //get the date and time
// prevent to ****ing sql injection
$slq = mysqli_prepare($con, "INSERT INTO post (comment,title, date_created, user_id) VALUES (?, ?, ?, ?)");
mysqli_stmt_bind_param($slq, "sssi", $page_content, $pagecontent, $date_created, $user_id );
mysqli_stmt_execute($slq);
} ?>
2nd code:
<?php
if(isset($_GET['id'])){
$id_comment =$_GET['id'];
// display query from post database
$post_query = mysqli_query($con, "SELECT *,UNIX_TIMESTAMP() - date_created as TimeSpent FROM post left join registration on registration.user_id = post.user_id where comment_id = '$id_comment' order by comment_id DESC limit 1 ") or die(mysqli_error($con));
// loop
while ($content_row = mysqli_fetch_array($post_query)){
$id = $content_row['comment_id']; //get the comment_id
$uid = $content_row['user_id']; //get the user_id
$postedby = $content_row['username']; //get the username
}?>
1st code:
if (isset($_POST['post'])) {
$page_content = $_POST['post_content']; //get the input text
$pagecontent = $_POST['postcontent']; //get the input title
$date_created = strtotime(date("Y-m-d h:i:sa")); //get the date and time
// prevent to ****ing sql injection
$slq = mysqli_prepare($con, "INSERT INTO post (comment,title, date_created, user_id) VALUES (?, ?, ?, ?)");
mysqli_stmt_bind_param($slq, "sssi", $page_content, $pagecontent, $date_created, $user_id );
mysqli_stmt_execute($slq);
} ?>
2nd code:
<?php
if(isset($_GET['id'])){
$id_comment =$_GET['id'];
// display query from post database
$post_query = mysqli_query($con, "SELECT *,UNIX_TIMESTAMP() - date_created as TimeSpent FROM post left join registration on registration.user_id = post.user_id where comment_id = '$id_comment' order by comment_id DESC limit 1 ") or die(mysqli_error($con));
// loop
while ($content_row = mysqli_fetch_array($post_query)){
$id = $content_row['comment_id']; //get the comment_id
$uid = $content_row['user_id']; //get the user_id
$postedby = $content_row['username']; //get the username
}?>