Этот код уязвим для SQL-инъекции. Как я могу улучшить его, чтобы предотвратить инъекции? И как я могу проверить этот код с помощью инъекций? Это мой код: if (isset ($ _POST ['name'])) {$ name = $ _POST ['name']; }
if (isset ($_POST['name'])) { $name = $_POST['name']; } if (isset ($_POST['remarcs'])) { $remarcs = $_POST['remarcs']; } if (isset ($_POST['test_res'])) { $test_res = $_POST['test_res']; } if (isset ($_POST['address'])) { $address = $_POST['address']; } if (isset ($_POST['date'])) { $date = $_POST['date']; } if (isset ($_POST['phone_num'])) { $phone = $_POST['phone_num']; } if (isset ($_POST['illness'])) { $illness = $_POST['illness']; } if (isset ($_POST['echo'])) { $echo = $_POST['echo']; } if (isset ($_POST['pe'])) { $pe = $_POST['pe']; } if (isset ($_POST['pmhx'])) { $pmhx = $_POST['pmhx']; } if (isset ($_POST['pshx'])) { $pshx = $_POST['pshx']; } if (isset ($_POST['habbits'])) { $habbits = $_POST['habbits']; } if (isset ($_POST['occup'])) { $occup = $_POST['occup']; } if (isset ($_POST['allergy'])) { $allergy = $_POST['allergy']; } //Check file is uploaded or not //if (isset($_FILES['file']['name']) && $_FILES['file']['name']!='' && $_FILES['file']['error']=='') { //$path2 = ... ; //move_uploaded_file(...); if(is_uploaded_file($_FILES["file"]["tmp_name"])) { $path = "../uploads/".$_FILES['file']['name']; move_uploaded_file($_FILES["file"]["tmp_name"], $path); $new_path = "./uploads/".$path; } else{ $new_path = $_POST['org_path']; //$path2 = "../uploads/".$_FILES['echo_photo']['name']; } //move_uploaded_file($_FILES["file"]["tmp_name"], $path); //$new_path = $path; $sql="UPDATE $tbl_name SET name = '$name', echo_files = '$new_path', remarcs = '$remarcs', test_res = '$test_res', date = '$date', address = '$address', phone_num = '$phone', illness = '$illness', echo = '$echo', pmhx = '$pmhx', pshx = '$pshx', habbits = '$habbits', occup = '$occup', allergy = '$allergy', pe = '$pe' WHERE id = ".$id; $result=mysqli_query($con,$sql) or die('Unable to execute query. '. mysqli_error($con));