From: bochard
Date: Mon, 22 Dec 2025 03:11:09 +0000 (+0800)
Subject: now using prepared statements for guestbook
X-Git-Url: https://git.bochard.net/?a=commitdiff_plain;h=d481234926de6a9434aaa7c014486d04d7b14fc6;p=mysite.git
now using prepared statements for guestbook
---
diff --git a/guestbook.php b/guestbook.php
index 6ddd1e5..a5dfcb6 100644
--- a/guestbook.php
+++ b/guestbook.php
@@ -44,8 +44,22 @@
 // query
 $sql = "INSERT INTO entries (name, country, website, email, comment, ip_addr)
- VALUES ('$name', '$country', '$website', '$email', '$comment', '$ip_addr');";
- $conn->query($sql); // submit query
+ VALUES (?, ?, ?, ?, ?, ?);";
+
+ $stmt = $conn->prepare($sql);
+ if(!$stmt){
+ die("Prepare failed: {$conn->error}");
+ }
+
+ // s = string
+ $stmt->bind_param("ssssss", $name, $country, $website, $email, $comment, $ip_addr);
+ if(!$stmt->execute()){
+ die("Execute failed: {$stmt->error}");
+ }
+
+ $stmt->close();
+
+ //~ $conn->query($sql); // submit query
 header("Location: " . $_SERVER["PHP_SELF"]);
 die();
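Review bot: Both new failure paths, `die("Prepare failed: {$conn->error}")` and `die("Execute failed: {$stmt->error}")`, write the raw mysqli driver message into the HTTP response, which can expose table and column names and driver details to any visitor who manages to make the insert fail. Log the detail server-side and return a neutral message instead, e.g. `error_log('guestbook prepare failed: ' . $conn->error); http_response_code(500); exit('Could not save your entry.');` and the same with `$stmt->error` on the execute branch; alternatively enable `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT)` once where the connection is created and let a top-level handler decide what the user sees. The commented-out `//~ $conn->query($sql); // submit query` line is dead code now that `$sql` holds only placeholders and should be removed rather than kept. The variables passed to `bind_param` (`$name` through `$ip_addr`) are assigned above this hunk, so the enclosing block starts outside it.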