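-- Product catalogue used by the PHP page below.
-- Idempotent so the setup script can be re-run without failing.
CREATE TABLE IF NOT EXISTS products (
Id INTEGER PRIMARY KEY AUTO_INCREMENT,
name TEXT NOT NULL,
description TEXT NOT NULL,
-- Money must be stored as an exact decimal; REAL/DOUBLE cannot represent
-- most decimal fractions exactly and drifts in sums. 2 decimal places is
-- the minor unit of the currency (precision/scale: adjust if a larger range
-- or more minor digits are needed).
price DECIMAL(12, 2) NOT NULL
);
-- Seed row used while developing; the PHP page inserts its own row on load.
INSERT INTO products (name, description, price) VALUES ('Prueba','Prueba',1000);
-- Intentionally empties the whole table (dev reset). The always-true WHERE is
-- deliberate: it satisfies MySQL's safe-updates mode, which rejects an
-- unconditioned DELETE. Never ship this statement with production data.
DELETE FROM products WHERE (1=1);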
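<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
session_start();

// NOTE(review): $mysqli is used throughout but no connection is opened in this
// file; presumably an include that is not shown here creates it — confirm.

// Product values to insert. These are fixed test values, not form input.
// They stay plain strings: binding (below) does the quoting, so
// mysqli_real_escape_string is not needed here and would double-escape.
$name = "NAME";
$description = "Description";
$price = "1000";
echo $price;

// Prepared statement with placeholders. The values never become part of the
// SQL text, which is what actually prevents SQL injection; concatenating
// them (even escaped) into the query string defeats the prepared statement.
$query = mysqli_prepare($mysqli, "INSERT INTO products (name, description, price) VALUES (?, ?, ?)");
if ($query === false) {
    die("<p>Prepare failed: " . htmlspecialchars(mysqli_error($mysqli), ENT_QUOTES, 'UTF-8') . "</p>");
}
// "ssd": name and description are strings, price is bound as a double.
mysqli_stmt_bind_param($query, "ssd", $name, $description, $price);
if (!mysqli_stmt_execute($query)) {
    echo "<p>Insert failed: " . htmlspecialchars(mysqli_stmt_error($query), ENT_QUOTES, 'UTF-8') . "</p>";
}
mysqli_stmt_close($query);

// Read the catalogue back with an explicit column list so a schema change
// cannot silently alter what is rendered; ORDER BY makes the page stable.
$query = mysqli_prepare($mysqli, "SELECT name, description, price FROM products ORDER BY Id");
if ($query === false) {
    die("<p>Prepare failed: " . htmlspecialchars(mysqli_error($mysqli), ENT_QUOTES, 'UTF-8') . "</p>");
}
mysqli_stmt_execute($query);
$result = mysqli_stmt_get_result($query);

// Render each product. Every stored value is HTML-escaped on output: the
// database is not a trusted source, and a product name containing markup
// would otherwise execute in the viewer's browser (stored XSS).
while ($row = mysqli_fetch_assoc($result)) {
    echo "<h2>" . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8') . "</h2>";
    echo "<p>" . htmlspecialchars($row['description'], ENT_QUOTES, 'UTF-8') . "</p>";
    echo "<p>Price: $" . htmlspecialchars($row['price'], ENT_QUOTES, 'UTF-8') . "</p>";
    echo "<hr>";
}
mysqli_free_result($result);
mysqli_stmt_close($query);
?>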