prepare($sql_query); if ($stmt === false) { $conn->close(); die("Prepare failed."); } $stmt->bind_param("ssss", $username, $new_website, $new_username, $new_password); //echo $sql_query; $result = $stmt->execute(); $stmt->close(); $conn->close(); // After processing, redirect to the same page to clear the form unset($_POST['new_website']); unset($_POST['new_username']); unset($_POST['new_password']); header("Location: " . $_SERVER['PHP_SELF']); exit(); } // Check if 'Delete-website' button was selected if(isset($_POST['delete_website']) && trim($_POST["websiteid"] != '')) { $webid = trim($_POST["websiteid"]); // Cast to int to avoid unexpected input and use a prepared statement to prevent SQL injection. $webid = (int)trim($_POST["websiteid"]); // Delete selected web site $sql_query = "DELETE FROM websites WHERE webid = ?"; $stmt = $conn->prepare($sql_query); if ($stmt === false) { $conn->close(); die("Prepare failed."); } $stmt->bind_param("i", $webid); //echo $sql_query; $result = $stmt->execute(); $stmt->close(); $conn->close(); // After processing, redirect to the same page to clear the form unset($_POST['websiteid']); header("Location: " . $_SERVER['PHP_SELF']); exit(); } // Display list of user's web sites using a prepared statement to prevent SQL injection. $sql_query = "SELECT * FROM websites INNER JOIN login_users ON websites.login_user_id=login_users.id WHERE login_users.username = ?"; //echo $sql_query; $stmt = $conn->prepare($sql_query); if ($stmt === false) { $conn->close(); die("Prepare failed."); } $stmt->bind_param("s", $username); $stmt->execute(); $result = $stmt->get_result(); $stmt->close(); //echo htmlspecialchars($username); $safe_username = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8"); echo "

Entries of " . $safe_username . "

"; if (!empty($result) && $result->num_rows >= 1) { while ($row = $result -> fetch_assoc()) { // Escape output to prevent stored XSS (DB content must be treated as untrusted). $safe_url = htmlspecialchars($row["web_url"], ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8"); $safe_user = htmlspecialchars($row["web_username"], ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8"); $safe_pass = htmlspecialchars($row["web_password"], ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8"); $webid_safe = (int)$row["webid"]; echo ""; echo "" . ""; echo ""; echo ""; echo "
" . $safe_url . "
Username: " . $safe_user . "Password: " . $safe_pass . "
" . "" . "

"; } // Free result set $result -> free_result(); } else { echo "

No entries found.

"; } $conn -> close(); ?> Dashboard




Notes - announcements

Logout

Home page