0
I have this code to insert:
$name = isset($_POST["DescricaoProd"]) ? $_POST["DescricaoProd"] : '';
$unid = isset($_POST["DescricaoUnid"]) ? $_POST["DescricaoUnid"] : '';
if (!empty($name) && !empty($unid)) {
echo 'true';
} else {
echo 'false';
}
$sql = "INSERT INTO ProdHigieneteste (DescricaoProd,DescricaoUnid)
VALUES ('$name','$unid')";
if ($conn->query($sql) === TRUE);
$sql1 = "INSERT INTO StockHigieneteste (DescricaoProd,DescricaoUnid)
VALUES ('$name','$unid')";
if ($conn->query($sql1) === TRUE);
//Count total number of rows
$rowCount = $query->num_rows;
$conn->close();
Wanted to protect from sql Injection, someone can help?
Possible duplicate of How to use Prepared statements with external variables in Mysqli
– Roberto de Campos
Possible duplicate of How to prevent SQL code injection into my PHP code?
– Barbetta