Witam.
Chciałbym się zapytać czy ten kod jest jjuż bezpieczny? czy jeszzcze coś muszę dodać?. wiem ze muszę jeszcze captcha dodać na boty i jesszcze kiedyś słyszałem o jakimś zabezpieczniu do blogów ale kurczę wyleciało mi z głowy... z górdzy dziękuję za pomoc..
<?php
require_once"dbconect.php";
$conn = mysqli_connect($host, $db_user, $db_password,$db_name);
$conn->set_charset("utf8");
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
echo "Connected successfully";
if (isset($_POST['name']) && isset($_POST['surname']) && isset($_POST['gender']) && isset($_POST['city']) && isset($_POST['Dateofbirth']) && isset($_POST['street']) && isset($_POST['number'])&& isset($_POST['zipcode']) && isset($_POST['phone']) && isset($_POST['email'])&& isset($_POST['distance'])&& isset($_POST['team']) ){
$name = trim(strip_tags($_POST['name']));
$surname = trim(strip_tags($_POST['surname']));
$gender = trim(strip_tags($_POST['gender']));
$city = trim(strip_tags($_POST['city']));
$Dateofbirth = trim(strip_tags($_POST['Dateofbirth']));
$street = trim(strip_tags($_POST['street']));
$number = trim(strip_tags($_POST['number']));
$zipcode = trim(strip_tags($_POST['zipcode']));
$phone = trim(strip_tags($_POST['phone']));
$email = trim(strip_tags($_POST['email']));
$distance = trim(strip_tags($_POST['distance']));
$team = trim(strip_tags($_POST['team']));
}
else{
echo 'nie isinieja';
}
if ('$distance' ==='mini'){
echo 'dodano';
}
if ('$distance' ==='mega'){
echo 'dodano';
}
if ('$gender' ==='women'){
echo 'dodano';
}
if ('$gender' ==='men'){
echo 'dodano';
}
$stmt = $conn->prepare("INSERT INTO tab (name,surname ,gender,city,Dateofbirth,street,number,zipcode,phone,email,distance,team) values (?,?,?,?,?,?,?,?,?,?,?,?)");
$stmt->bind_param("ssssssisssss",$name,$surname,$gender,$city,$Dateofbirth,$street,$number,$zipcode,$phone,$email,$distance,$team);
$stmt->execute();
if ($stmt!=TRUE){
echo"nie dodano";}
else{
echo'dodano'; }
//$wynik = mysqli_query($conn,"SELECT * FROM xyz");
//while($row = mysqli_fetch_array($wynik))
//{echo $row['name'] . " " . $row['surname']; echo "<br>"; }
$stmt->close();
$conn->close();
?>