Hallo,
ich wollte mal Fragen wie man hier BindValue/Param einsetzen kann oder ob man es überhaupt sicher machen kann.
Script:
PHP
<?php
session_start();
require_once 'config/connect.php';
if(isset($_GET['type'], $_GET['id'])) {
$type = $_GET['type'];
$id = (int)$_GET['id'];
$sid = $_SESSION['id'];
switch($type) {
case 'article':
$stmt = $pdo->prepare("
INSERT INTO u_post_likes (user_id, post_id)
SELECT {$sid}, {$id}
FROM u_post
WHERE EXISTS (
SELECT p_id
FROM u_post
WHERE p_id = {$id})
AND NOT EXISTS (
SELECT id
FROM u_post_likes
WHERE user_id = {$sid}
AND post_id = {$id})
LIMIT 1
");
if(!$stmt->execute()) {
print_r($stmt->errorInfo());
}
break;
}
}
header('Location: testupload.php');
?>
Alles anzeigen