now using prepared statements for guestbook
authorbochard <git@bochard.net>
Mon, 22 Dec 2025 03:11:09 +0000 (11:11 +0800)
committerbochard <git@bochard.net>
Mon, 22 Dec 2025 03:11:09 +0000 (11:11 +0800)
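--- a/guestbook.php
+++ b/guestbook.php
                                                         
                                                         // query
                                                         $sql = "INSERT INTO entries (name, country, website, email, comment, ip_addr)
-                                                                                       VALUES ('$name', '$country', '$website', '$email', '$comment', '$ip_addr');";
-                                                       $conn->query($sql); // submit query
+                                                                                       VALUES (?, ?, ?, ?, ?, ?);";
+                                                       
+                                                       $stmt = $conn->prepare($sql);
+                                                       if(!$stmt){
+                                                               die("Prepare failed: {$conn->error}");
+                                                       }
+                                                       
+                                                       // s = string
+                                                       $stmt->bind_param("ssssss", $name, $country, $website, $email, $comment, $ip_addr);
+                                                       if(!$stmt->execute()){
+                                                               die("Execute failed: {$stmt->error}");
+                                                       }
+                                                       
+                                                       $stmt->close();
+                                                       
+                                                       //~ $conn->query($sql); // submit query
                                                         
                                                         header("Location: " . $_SERVER["PHP_SELF"]);
                                                         die();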
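Review bot: The two new `die()` calls in the prepare and execute checks write the raw MySQL error text (`$conn->error`, `$stmt->error`) into the HTTP response, so any visitor who can provoke a failure sees driver and schema details; log the detail server-side and return a generic message instead, e.g. `error_log("guestbook prepare failed: {$conn->error}"); die("Could not save your entry.");` with the same shape for the execute branch. The execute-failure branch also exits before `$stmt->close()`, so the statement presumably lives until request teardown; harmless as written, but worth closing before bailing out if this handler ever stops using `die()`. The commented-out `//~ $conn->query($sql); // submit query` line is dead code now that the bound statement is what runs and should be deleted rather than kept. The block this hunk sits in starts and ends outside the hunk, so where `$ip_addr` and the other bound values come from is not visible here.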