diff --git a/public/admin.php b/public/admin.php
index f1d2b92..bf040ac 100644
--- a/public/admin.php
+++ b/public/admin.php
// Vaihda rooli
if (isset($_POST['rooli']) && $_SERVER['REQUEST_METHOD'] === 'POST' and $op) {
- $id = $_POST["id"];
- $rooli = $_POST['rooli'];
+ $id = mysqli_real_escape_string($conn, $_POST["id"]);
+ $rooli = mysqli_real_escape_string($conn, $_POST['rooli']);
- echo $id, $rooli;
- $stmt = $conn->prepare("UPDATE kayttajat SET opettaja=(?) WHERE id=(?);");
- $stmt->bind_param("ss", $rooli, $id);
+ $sql = "UPDATE kayttajat SET opettaja='{$rooli}' WHERE id='{$id}';";
- if ($stmt->execute()) {
+ if ($conn->query($sql) === TRUE) {
header("Location: " . $_SERVER['PHP_SELF']);
exit();
} else {
- echo "Virhe: " . $stmt->error;
+ echo "Virhe: " . $conn->error;
}
-
- $stmt->close();
+
+ $conn->close();
}
// Hae käyttäjät
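Review bot: The new code at lines 14–16 builds the UPDATE by interpolating `$rooli` and `$id` into the SQL string, replacing the prepared statement the old lines 12–13 used; escaping with mysqli_real_escape_string is a weaker control than parameter binding (it depends on the connection charset and on every value being quoted), so this is a regression from parameterised to string-built SQL on request input and the prepare/bind_param/execute form should be kept. The `$conn->close()` added at line 26 sits inside the role-change branch, and since the "Hae käyttäjät" section that follows presumably still uses `$conn`, the old `$stmt->close()` looks like the right call there too. Independently of that, `$rooli` is written to the `opettaja` column unvalidated; if the column only holds a small set of values, checking `$_POST['rooli']` against an allowlist before the query would be worth adding. The hunk may continue past the last line shown.
```php
if (isset($_POST['rooli']) && $_SERVER['REQUEST_METHOD'] === 'POST' and $op) {
    $id = $_POST['id'];
    $rooli = $_POST['rooli'];
    $stmt = $conn->prepare("UPDATE kayttajat SET opettaja=? WHERE id=?;");
    $stmt->bind_param("ss", $rooli, $id);
    if ($stmt->execute()) {
        // … unchanged: redirect to PHP_SELF and exit …
    } else {
        echo "Virhe: " . $stmt->error;
    }
    $stmt->close();
}
```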