escape sql strings
This commit is contained in:
Daniel Løvbrøtte Olsen
parent
70645eeed7
commit
b6bb4c13df
@ -90,10 +90,11 @@ function TableExists($table, $conn) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function addToTable($lat, $lon, $url, $table, $conn) {
|
function addToTable($lat, $lon, $url, $table, $conn) {
|
||||||
|
$lat = mysqli_real_escape_string($conn, $lat);
|
||||||
|
$lon = mysqli_real_escape_string($conn, $lon);
|
||||||
settype($lat, "double");
|
settype($lat, "double");
|
||||||
settype($lon, "double");
|
settype($lon, "double");
|
||||||
$sql = "INSERT INTO `" . $table . "` (`id`, `location`, `url`, `date_added`) VALUES (NULL, GeomFromText('POINT(" . $lon ." " . $lat . ")',4326), 'test', CURRENT_TIMESTAMP)";
|
$sql = "INSERT INTO `" . $table . "` (`id`, `location`, `url`, `date_added`) VALUES (NULL, GeomFromText('POINT(" . $lon ." " . $lat . ")',4326), 'test', CURRENT_TIMESTAMP)";
|
||||||
//$sql = mysqli_real_escape_string($conn, $sql);
|
|
||||||
//printf($sql);
|
//printf($sql);
|
||||||
$res = mysqli_query($conn, $sql);
|
$res = mysqli_query($conn, $sql);
|
||||||
//($res) ? printf("true") : printf("false");
|
//($res) ? printf("true") : printf("false");
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user