prepare($sql_query);
if ($stmt === false) {
$conn->close();
die("Prepare failed.");
}
$stmt->bind_param("ssss", $username, $new_website, $new_username, $new_password);
//echo $sql_query;
$result = $stmt->execute();
$stmt->close();
$conn->close();
// After processing, redirect to the same page to clear the form
unset($_POST['new_website']);
unset($_POST['new_username']);
unset($_POST['new_password']);
header("Location: " . $_SERVER['PHP_SELF']);
exit();
}
// Check if 'Delete-website' button was selected
if(isset($_POST['delete_website']) && trim($_POST["websiteid"] != '')) {
$webid = trim($_POST["websiteid"]);
// Cast to int to avoid unexpected input and use a prepared statement to prevent SQL injection.
$webid = (int)trim($_POST["websiteid"]);
// Delete selected web site
$sql_query = "DELETE FROM websites WHERE webid = ?";
$stmt = $conn->prepare($sql_query);
if ($stmt === false) {
$conn->close();
die("Prepare failed.");
}
$stmt->bind_param("i", $webid);
//echo $sql_query;
$result = $stmt->execute();
$stmt->close();
$conn->close();
// After processing, redirect to the same page to clear the form
unset($_POST['websiteid']);
header("Location: " . $_SERVER['PHP_SELF']);
exit();
}
// Display list of user's web sites using a prepared statement to prevent SQL injection.
$sql_query = "SELECT * FROM websites INNER JOIN login_users ON websites.login_user_id=login_users.id WHERE login_users.username = ?";
//echo $sql_query;
$stmt = $conn->prepare($sql_query);
if ($stmt === false) {
$conn->close();
die("Prepare failed.");
}
$stmt->bind_param("s", $username);
$stmt->execute();
$result = $stmt->get_result();
$stmt->close();
//echo htmlspecialchars($username);
echo "
Entries of " . $username . "
";
if (!empty($result) && $result->num_rows >= 1) {
while ($row = $result -> fetch_assoc()) {
echo "
";
echo "
" . $row["web_url"] . "
" .
"
Username: " . $row["web_username"] . "
Password: " . $row["web_password"] . "
";
echo "
";
echo "
";
echo "
";
}
// Free result set
$result -> free_result();
} else {
echo "