From c9ddb8c3e881eaa9dbc1a4ddc0ce510b0b87ff6d Mon Sep 17 00:00:00 2001
From: Jasmin <2211581@stud.hs-mannheim.de>
Date: Sun, 11 Jun 2023 21:52:53 +0200
Subject: [PATCH] b.BuchID = $ID durch Prepared Statement ersetzt
---
buch_details.php | 47 ++++++++++++++++++++++++++++-------------------
1 file changed, 28 insertions(+), 19 deletions(-)
diff --git a/buch_details.php b/buch_details.php
index 3e4f7fc..20f528d 100644
--- a/buch_details.php
+++ b/buch_details.php
@@ -18,15 +18,22 @@
prepare("SELECT b.BuchID, b.Titel,
+ b.Erscheinungsjahr, b.Bild, b.Verlag,
+ GROUP_CONCAT(DISTINCT CONCAT(a.VorName, ' ', a.NachName)
SEPARATOR ', ') AS 'Autor',
GROUP_CONCAT(DISTINCT k.Name SEPARATOR ', ') AS 'Kategorie',
b.ISBN, b.Klappentext AS 'Inhalt', sp.Bezeichnung AS 'Sprache',
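Review bot: The statement whose SELECT list this hunk extends is bound in the second hunk with `$sql->bind_param("i", $ID);` before `$ID` is assigned from `$_GET['bookID']` a few lines later; that order only works because bind_param takes its argument by reference and execute() comes after the assignment, so any later reshuffle silently binds null. Move the two input lines ahead of the binding and guard the missing-parameter case, e.g. `$containerID = $_GET['bookID'] ?? '';` then `$ID = (int) str_replace('book_container', '', $containerID);` then `$sql->bind_param("i", $ID);`, which also makes the "i" type explicit instead of relying on the driver to coerce a string. The object on which prepare() is called and the rest of the fetch loop lie outside this hunk, so I could not check how the connection is now obtained after the credential block was removed.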
@@ -45,22 +52,24 @@
INNER JOIN `sprache` AS sp ON sp.SprachenID = b.SprachenID
INNER JOIN `buch_hat_stichwort` AS bhs ON bhs.BuchID = b.BuchID
INNER JOIN `stichwort` AS st ON st.StichwortID = bhs.StichwortID
- WHERE b.BuchID = $ID
- GROUP BY b.BuchID;";
+ WHERE b.BuchID = ?
+ GROUP BY b.BuchID;");
- $servername = "localhost";
- $username = "web_b-3";
- $password = "een7Ao6s";
- $dbname = "bibliothek_candle";
+ // Parameter binden
+ $sql->bind_param("i", $ID);
- $connection =
- mysqli_connect($servername, $username, $password, $dbname);
+ // Übergebene ID des angeklickten Container speichern
+ $containerID = $_GET['bookID'];
- if (!$connection) {
- die("Verbindung fehlgeschlagen: " . mysqli_connect_error());
- }
+ // Buch ID abtrennen
+ $ID = str_replace('book_container', '', $containerID);
+
+ // SQL-Befehl ausführen
+ $sql->execute();
+
+ // Ergebnis speichern
+ $result = $sql->get_result();
- $result = mysqli_query($connection, $sql);
if (mysqli_num_rows($result) > 0) {
while($row = mysqli_fetch_assoc($result)) {
$bookID = $row['BuchID'];