I am developing a system and I need to store a code for a certain item. This code, which I pass by POST, is not being saved in the database: when it is submitted, the item is written, but the column for this code is set to zero. The code follows:
THE FORM THAT SENDS:
<div id="gravaeditapauta">
<form action="gravarpauta.php" method="POST">
<?php
include ("conectarbanco.php");
$passacodigoreuniao=$_GET["addcodpauta"];
$selecionalinha= mysqli_query($conexao, "SELECT Data FROM reuniao where CodReuniao=$passacodigoreuniao");
$campo= mysqli_fetch_array($selecionalinha);
?>
<input type="hidden" name="CodReuniao" value="<?=$campo["CodReuniao"]?>">
<label for="data">Data da Reunião:</label>   <input type="text" name="data" size="20" maxlength="10" readonly="readonly" value="<?=$campo["Data"]?>">
<br></br>
<label for="DescItem">Inserir Item de Pauta:</label>   <input type="text" name="DescItem" size="50" maxlength="50">
<br></br>
<input type="Submit" name="submit" value="Gravar Item de Pauta">
</form>
</div>
The control block for the database insertion:
<?php
include ("conectarbanco.php");
$passacodigoreuniao=$_POST["CodReuniao"];
$data=$_POST["data"];
$DescItem=$_POST["DescItem"];
mysqli_query($conexao,"INSERT INTO itenspauta(DescItem,CodReuniao) values ('$DescItem','$passacodigoreuniao')") or die (mysqli_error($conexao));
?>
Find out how unsafe it is to use mysqli_query with $variables inside the SQL command.
– epx
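
The point raised in the comment above, as an added example that is not part of the original post: the same two queries written with bound parameters, so request data never becomes SQL text. It assumes `$conexao` is the mysqli connection from `conectarbanco.php`, that `CodReuniao` is an integer column, and that the mysqlnd driver is available; the function names are hypothetical, and the SELECT also fetches `CodReuniao` so the hidden field has a value to carry.

```php
<?php
// Added example, not the poster's code. Function names are hypothetical.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors throw

// Accept only a positive integer id from request data; reject anything else.
function lerCodReuniao($valor): int
{
    $cod = filter_var($valor, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($cod === false) {
        http_response_code(400);
        exit('Invalid CodReuniao');
    }
    return $cod;
}

// Form page: look the meeting up with a placeholder instead of
// interpolating $_GET["addcodpauta"] into the SQL string.
function buscarReuniao(mysqli $conexao, int $cod): ?array
{
    $stmt = mysqli_prepare($conexao,
        'SELECT CodReuniao, Data FROM reuniao WHERE CodReuniao = ?');
    mysqli_stmt_bind_param($stmt, 'i', $cod);
    mysqli_stmt_execute($stmt);
    // mysqli_stmt_get_result() needs the mysqlnd driver (assumption).
    $linha = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
    mysqli_stmt_close($stmt);
    return $linha ?: null; // null when no such meeting exists
}

// gravarpauta.php: both values are sent as typed parameters ('s' string, 'i' int).
function gravarItemPauta(mysqli $conexao, string $descItem, int $cod): void
{
    $stmt = mysqli_prepare($conexao,
        'INSERT INTO itenspauta (DescItem, CodReuniao) VALUES (?, ?)');
    mysqli_stmt_bind_param($stmt, 'si', $descItem, $cod);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}

// Usage in the form page (escape on output as well):
//   $campo = buscarReuniao($conexao, lerCodReuniao($_GET['addcodpauta'] ?? null));
//   echo htmlspecialchars((string) $campo['CodReuniao'], ENT_QUOTES, 'UTF-8');
// Usage in gravarpauta.php:
//   gravarItemPauta($conexao, trim($_POST['DescItem'] ?? ''),
//                   lerCodReuniao($_POST['CodReuniao'] ?? null));
```

With this in place, a non-numeric or empty `CodReuniao` is rejected with a 400 response instead of reaching the INSERT.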