Dandellion/Misc-small-projects
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

escape sql strings

Browse Source
This commit is contained in:
Daniel Løvbrøtte Olsen 2016-05-16 11:53:55 +02:00
parent 70645eeed7
commit b6bb4c13df
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
blomzt/main.php
View File

@ -90,10 +90,11 @@ function TableExists($table, $conn) {
}
function addToTable($lat, $lon, $url, $table, $conn) {
$lat = mysqli_real_escape_string($conn, $lat);
$lon = mysqli_real_escape_string($conn, $lon);
settype($lat, "double");
settype($lon, "double");
$sql = "INSERT INTO `" . $table . "` (`id`, `location`, `url`, `date_added`) VALUES (NULL, GeomFromText('POINT(" . $lon ." " . $lat . ")',4326), 'test', CURRENT_TIMESTAMP)";
//$sql = mysqli_real_escape_string($conn, $sql);
//printf($sql);
$res = mysqli_query($conn, $sql);
//($res) ? printf("true") : printf("false");