diff --git a/code/deffiehelman.php b/code/deffiehelman.php
index e80c856729afdc46380b575e4d793f7845585605..62d45fd7f044283c7419186aaad1778ba7024bc6 100644
--- a/code/deffiehelman.php
+++ b/code/deffiehelman.php
@@ -45,8 +45,14 @@ $sharedPublicServer = computePublic($number1,$randomPrivate,$number2); //masukin ke database
- $sql = "UPDATE user SET base2=".$number2.", random=".$randomPrivate." WHERE User_Id=".$_SESSION["myId"];
- mysqli_query($con,$sql);
+ $stmt = $con->prepare("UPDATE user SET base2=?, random=? WHERE User_Id=?");
+ $stmt->bind_param("iii", $number2, $randomPrivate, $_SESSION["myId"]);
+
+ $stmt->execute();
+ $stmt->close();
+
+ // $sql = "UPDATE user SET base2=".$number2.", random=".$randomPrivate." WHERE User_Id=".$_SESSION["myId"];
+ // mysqli_query($con,$sql);
 // echo "Sini";
 // echo "number1 = "+$number1; echo " ";
@@ -68,8 +74,14 @@ $random = $row['random'];
 $sharedKey = sharedPrivate($sharedPublicClient,$random,$base2);
 // echo $shared_key; echo " ";
- $sql = "UPDATE user SET shared_key=".$sharedKey." WHERE User_Id=".$_SESSION["myId"];
- mysqli_query($con,$sql);
+ $stmt = $con->prepare("UPDATE user SET shared_key=? WHERE User_Id=?");
+ $stmt->bind_param("ii", $sharedKey, $_SESSION["myId"]);
+
+ $stmt->execute();
+ $stmt->close();
+
+ // $sql = "UPDATE user SET shared_key=".$sharedKey." WHERE User_Id=".$_SESSION["myId"];
+ // mysqli_query($con,$sql);
 echo $sharedKey;
 }
 die();
diff --git a/code/delete_post_action.php b/code/delete_post_action.php
index 0685d7cbe80153ba8d3b3e1d9717a6042eebf558..a3716a3aa880d64d0bf332de2f1b1f6dde30458a 100644
--- a/code/delete_post_action.php
+++ b/code/delete_post_action.php
@@ -6,7 +6,7 @@ if (isset($_SESSION["isLogin"])){
 $postid = $_GET['postid'];
 $getpostresult = getspecificpost($con,$postid);
- $row = mysqli_fetch_array($getpostresult);
+ $row = mysqli_fetch_array($getpostresult);
 if ($row['Nama'] != $_SESSION['myNama']) {
 header("Location: index.php"); /* Redirect browser */
 exit();
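Review bot: Neither deffiehelman.php hunk checks the return of `$con->prepare()` or `$stmt->execute()`: when prepare fails `$stmt` is `false` and the following `->bind_param` line is a fatal error on a bool, and when execute fails the handler carries on as if base2/random (first hunk) and shared_key (second hunk) had been stored, with the second hunk still echoing `$sharedKey`. A guard such as `if ($stmt === false || !$stmt->execute()) { http_response_code(500); die(); }` before `$stmt->close()` makes both hunks fail closed (if the connection enables `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT)`, the PHP 8.1+ default, these become uncaught exceptions instead, which still deserves a handler); the same unchecked prepare/execute pattern appears in edit_post_action.php, login.php, new_post_action.php, posthandling.php and signup_action.php. The `"iii"`/`"ii"` type strings assume `$number2`, `$randomPrivate` and `$sharedKey` fit a PHP int; if `computePublic`/`sharedPrivate` (defined outside the hunk) can yield a float or string for large values, binding them as `i` silently truncates, so confirm their return type against those helpers. The commented-out `mysqli_query` copies of the old queries kept in every hunk of this commit should be deleted rather than retained; git history preserves them and they otherwise invite someone to re-enable string-built SQL.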
diff --git a/code/edit_post_action.php b/code/edit_post_action.php
index ea788d56244b08d1f1944a01812bcf3c0b051504..106f872f9c237410db4e5712ee2e0631e779b75b 100644
--- a/code/edit_post_action.php
+++ b/code/edit_post_action.php
@@ -61,12 +61,20 @@ if (isset($_SESSION["isLogin"]) && (isset($_POST['csrf_token']) && $_POST['csrf_
 echo "Maaf Anda bukan pemilik post ini!";
 } else {
 if (isset($_FILES["image"])) {
- mysqli_query($con,"UPDATE post SET Title='".$Judul."'".","."Date='".$Tanggal."'".","."Contents='".$Konten."'".", Image='".$target_file."' WHERE Post_Id=".$postid);
- echo "UPDATE post SET Title='".$Judul."'".","."Date='".$Tanggal."'".","."Contents='".$Konten."'".", Image='".$target_file."' WHERE Post_Id=".$postid;
+ $stmt = $con->prepare("UPDATE post SET Title=?,Date=?, Contents=?, Image=? WHERE Post_Id=?");
+ $stmt->bind_param('ssssi', $Judul, $Tanggal, $Konten, $target_file, $postid);
+ $stmt->execute();
+
+ // mysqli_query($con,"UPDATE post SET Title='".$Judul."'".","."Date='".$Tanggal."'".","."Contents='".$Konten."'".", Image='".$target_file."' WHERE Post_Id=".$postid);
+ // echo "UPDATE post SET Title='".$Judul."'".","."Date='".$Tanggal."'".","."Contents='".$Konten."'".", Image='".$target_file."' WHERE Post_Id=".$postid;
 } else {
- mysqli_query($con,"UPDATE post SET Title='".$Judul."'".","."Date='".$Tanggal."'".","."Contents='".$Konten."'"."WHERE Post_Id=".$postid);
- echo "UPDATE post SET Title='".$Judul."'".","."Date='".$Tanggal."'".","."Contents='".$Konten."'"."WHERE Post_Id=".$postid;
+ $stmt = $con->prepare("UPDATE post SET Title=?,Date=?, Contents=? WHERE Post_Id=?");
+ $stmt->bind_param('sssi', $Judul, $Tanggal, $Konten, $postid);
+ $stmt->execute();
+
+ // mysqli_query($con,"UPDATE post SET Title='".$Judul."'".","."Date='".$Tanggal."'".","."Contents='".$Konten."'"."WHERE Post_Id=".$postid);
+ // echo "UPDATE post SET Title='".$Judul."'".","."Date='".$Tanggal."'".","."Contents='".$Konten."'"."WHERE Post_Id=".$postid;
 }
 header("Location: index.php");
 }
diff --git a/code/login.php b/code/login.php
index b462a0dcc509f5cb9bfe772560cf21bb84b7d1bc..1949fba919dee16f70d75a8903ff294bcbcb8de5 100644
--- a/code/login.php
+++ b/code/login.php
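Review bot: Both new branches discard the return value of `$stmt->execute()`, and the `header("Location: index.php");` line that follows redirects the user even when the UPDATE failed, so a rejected edit is indistinguishable from a successful one (the removed code at least echoed the query it ran). Check the result in each branch, e.g. `if (!$stmt->execute()) { http_response_code(500); exit(); }`, and add `$stmt->close();` afterwards so this file matches the close-after-execute convention used in deffiehelman.php. The enclosing if/else (the ownership check that echoes "Maaf Anda bukan pemilik post ini!") begins before the hunk, and `$postid`, `$Judul`, `$Tanggal`, `$Konten` and `$target_file` are assigned outside view; the `'ssssi'` binding stores `$target_file` as an opaque string, so whatever validation the upload path receives has to happen before this point — confirm in the part outside the hunk.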
@@ -4,7 +4,13 @@ // remember the user
 include 'mainviewer.php';
 $con = phpsqlconnection();
- $result = mysqli_query($con,"SELECT * FROM user WHERE Identifier='".$_COOKIE['userSimpleBlog']."' LIMIT 1");
+ $stmt = $con->prepare(
+ "SELECT * FROM user WHERE Identifier=? LIMIT 1");
+ $stmt->bind_param('s', $_COOKIE['userSimpleBlog']);
+ $stmt->execute();
+ $result = $stmt->get_result();
+
+ // $result = mysqli_query($con,"SELECT * FROM user WHERE Identifier='".$_COOKIE['userSimpleBlog']."' LIMIT 1");
 $row = mysqli_fetch_array($result);
 if (mysqli_num_rows($result) == 1){
diff --git a/code/new_post_action.php b/code/new_post_action.php
index 10f0b66f8ee8a6de8e6dc5e50d236d613c6ac157..6c173d34547aa08f9ff784921f096017083de2e7 100644
--- a/code/new_post_action.php
+++ b/code/new_post_action.php
@@ -46,9 +46,16 @@ if (isset($_SESSION["isLogin"]) && (isset($_POST['csrf_token']) && $_POST['csrf_
 }
 $con = phpsqlconnection();
- $sql = "INSERT INTO post (Post_Id, Creator_Id, Title, Date, Contents, Image)
- VALUES (NULL".",".$creatorid.","."'".$Judul."'".","."'".$Tanggal."'".","."'".$Konten."'".","."'".$target_file."')";
- if (mysqli_multi_query($con, $sql)) {
+
+ $stmt = $con->prepare("INSERT INTO post (Post_Id, Creator_Id, Title, Date, Contents, Image)
+ VALUES (NULL,?,?,?,?,?)");
+ $stmt->bind_param('issss', $creatorid, $Judul, $Tanggal, $Konten, $target_file);
+ $stmt->execute();
+ // $result = $stmt->get_result();
+
+ // $sql = "INSERT INTO post (Post_Id, Creator_Id, Title, Date, Contents, Image)
+ // VALUES (NULL".",".$creatorid.","."'".$Judul."'".","."'".$Tanggal."'".","."'".$Konten."'".","."'".$target_file."')";
+ if ($stmt->execute()) {
 // echo "Huba";
 header("Location: index.php");
 } else {
diff --git a/code/posthandling.php b/code/posthandling.php
index a97177995e2a9a5e835f4675b250f642e27b6611..01f3580ad02f8012ba20e8f9e35255fb27851d4d 100644
--- a/code/posthandling.php
+++ b/code/posthandling.php
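Review bot: In new_post_action.php the INSERT runs twice: the hunk calls `$stmt->execute();` immediately after `bind_param`, then `if ($stmt->execute()) {` executes the same prepared statement a second time, so every new post is stored as two rows. Delete the standalone `$stmt->execute();` (and the dead `// $result = $stmt->get_result();` line beneath it) so the `if ($stmt->execute())` form is the only execution, and add `$stmt->close();` once the branch is finished. Dropping `mysqli_multi_query` in favour of a prepared statement is the right move; note that the `if (isset($_SESSION["isLogin"]) && ...)` block and the assignments of `$creatorid`, `$Judul`, `$Tanggal`, `$Konten` and `$target_file` all begin before the hunk, so the `'issss'` binding relies on validation that is not visible here.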
@@ -1,18 +1,37 @@
 <?php
 if (isset($_SESSION["isLogin"])){
 function getpost($con)
- { $sql = "SELECT user.Nama , post.* FROM post INNER join user ON post.Creator_Id = user.User_Id ORDER BY Date DESC";
- $result = mysqli_query($con,$sql);
+ {
+ $stmt = $con->prepare(
+ "SELECT user.Nama , post.* FROM post INNER join user ON post.Creator_Id = user.User_Id ORDER BY Date DESC");
+ // $stmt->bind_param('ss', $value, $value2);
+ $stmt->execute();
+ $result = $stmt->get_result();
+ // $row = $result->fetch_array(MYSQLI_NUM);
+ // $sql = "SELECT user.Nama , post.* FROM post INNER join user ON post.Creator_Id = user.User_Id ORDER BY Date DESC";
+ // $result = mysqli_query($con,$sql);
 return $result;
 }
 function getspecificpost($con,$postid)
 {
- $result = mysqli_query($con,"SELECT user.Nama , post.* FROM post INNER join user ON post.Creator_Id = user.User_Id WHERE Post_Id = ".$postid);
+ $stmt = $con->prepare(
+ "SELECT user.Nama , post.* FROM post INNER join user ON post.Creator_Id = user.User_Id WHERE Post_Id = ?");
+ $stmt->bind_param('i', $postid);
+ $stmt->execute();
+ $result = $stmt->get_result();
+
+ // $result = mysqli_query($con,"SELECT user.Nama , post.* FROM post INNER join user ON post.Creator_Id = user.User_Id WHERE Post_Id = ".$postid);
 return $result;
 }
 function getspecificcomments($con,$postid)
 {
- $result = mysqli_query($con,"SELECT user.Nama , comments.* FROM comments INNER join user ON comments.Creator_Id = user.User_Id WHERE Post_Id = ".$postid." ORDER BY Time DESC");
+ $stmt = $con->prepare(
+ "SELECT user.Nama , comments.* FROM comments INNER join user ON comments.Creator_Id = user.User_Id WHERE Post_Id = ? ORDER BY Time DESC");
+ $stmt->bind_param('i', $postid);
+ $stmt->execute();
+ $result = $stmt->get_result();
+
+ // $result = mysqli_query($con,"SELECT user.Nama , comments.* FROM comments INNER join user ON comments.Creator_Id = user.User_Id WHERE Post_Id = ".$postid." ORDER BY Time DESC");
 return $result;
 }
 }else{
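Review bot: `getpost` keeps scaffolding comments that describe code which does not exist — `// $stmt->bind_param('ss', $value, $value2);` and `// $row = $result->fetch_array(MYSQLI_NUM);` — and a reader will take the first for a binding that was forgotten; remove them together with the commented-out `mysqli_query` versions in all three functions. None of the three functions has a docblock; one line each would do, e.g. `/** Posts joined with user.Nama, newest first. @return mysqli_result|false */` on `getpost`, and for the other two a note that `$postid` is bound as `i`, so non-numeric input matches no row and callers (delete_post_action.php passes `$_GET['postid']` straight in) get an empty result rather than an error. `$stmt->get_result()` exists only with the mysqlnd driver; the removed `mysqli_query` path had no such dependency, so this is worth confirming against the target server before deploying. The `$con` parameter is untyped in all three signatures; `mysqli $con` would surface a failed `phpsqlconnection()` at the call boundary instead of inside `->prepare()`.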
diff --git a/code/signup_action.php b/code/signup_action.php
index eae881732f2e30d7112b87ab0f4a41913199a4d8..a33b03ac1ea16376e6e32867028fbb41472b9f6b 100644
--- a/code/signup_action.php
+++ b/code/signup_action.php
@@ -5,7 +5,13 @@ session_start();
 $email = $_POST['email'];
 $password = $_POST['password'];
 $con = phpsqlconnection();
- $result = mysqli_query($con,"SELECT * FROM user WHERE Email='$email' LIMIT 1");
+ $stmt = $con->prepare(
+ "SELECT * FROM user WHERE Email='$email' LIMIT 1");
+ $stmt->bind_param('s', $email);
+ $stmt->execute();
+ $result = $stmt->get_result();
+
+ // $result = mysqli_query($con,"SELECT * FROM user WHERE Email='$email' LIMIT 1");
 if ($result->num_rows == 0) {
 // insert token too
 $token = hash("sha256",(time()."".(rand(1000,1000000))));
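Review bot: The new `$con->prepare("SELECT * FROM user WHERE Email='$email' LIMIT 1")` still interpolates `$_POST['email']` into the SQL text — there is no `?` placeholder — so `bind_param('s', $email)` has nothing to bind (mysqli reports a parameter-count mismatch and returns false) and `execute()` then runs the statement with the raw input embedded, leaving the injection this commit set out to remove exactly where it was. Change the query to `"SELECT * FROM user WHERE Email=? LIMIT 1"` so the existing bind line takes effect, and check the prepare/execute results as in the other files. On the context line that follows, the token `hash("sha256",(time()."".(rand(1000,1000000))))` — presumably the `Identifier` that login.php looks up from the `userSimpleBlog` cookie — is derived from two guessable inputs; `bin2hex(random_bytes(32))` yields an unpredictable 64-character hex string of the same shape, worth doing while this file is open even though that line is outside the hunk's changes.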