From 69ba9007fa708f5e800975175ad4bcc1040b9796 Mon Sep 17 00:00:00 2001
From: Luka Hietala
Date: Wed, 5 Nov 2025 08:34:51 +0200
Subject: [PATCH] vaihda admin sql sanitointi
---
 public/admin.php | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/public/admin.php b/public/admin.php
index f1d2b92..bf040ac 100644
--- a/public/admin.php
+++ b/public/admin.php
@@ -10,21 +10,19 @@
 // Vaihda rooli
 if (isset($_POST['rooli']) && $_SERVER['REQUEST_METHOD'] === 'POST' and $op) {
- $id = $_POST["id"];
- $rooli = $_POST['rooli'];
+ $id = mysqli_real_escape_string($conn, $_POST["id"]);
+ $rooli = mysqli_real_escape_string($conn, $_POST['rooli']);
- echo $id, $rooli;
- $stmt = $conn->prepare("UPDATE kayttajat SET opettaja=(?) WHERE id=(?);");
- $stmt->bind_param("ss", $rooli, $id);
+ $sql = "UPDATE kayttajat SET opettaja='{$rooli}' WHERE id='{$id}';";
- if ($stmt->execute()) {
+ if ($conn->query($sql) === TRUE) {
 header("Location: " . $_SERVER['PHP_SELF']);
 exit();
 } else {
- echo "Virhe: " . $stmt->error;
+ echo "Virhe: " . $conn->error;
 }
-
- $stmt->close();
+
+ $conn->close();
 }
 // Hae käyttäjät
-- 
2.47.3
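Review bot: Replacing the prepared statement with string interpolation of mysqli_real_escape_string() output is a security regression, not a sanitisation fix: escaping is only correct when the connection charset is set via mysqli_set_charset() (not visible here) and the value sits inside a quoted string, whereas bind_param keeps data and SQL separate regardless of charset or context. Two further problems appear in the new code: `$conn->close()` now runs only on the failure path (the success path calls exit()), immediately before the `// Hae käyttäjät` section that presumably still needs `$conn`, and `echo "Virhe: " . $conn->error;` sends raw database error text to the browser. I would keep the prepared statement, log the driver error server-side and show a generic message, and close the statement rather than the connection. `$_POST['id']` is also read without an isset() check, so a missing field reaches the query as null (a deprecation warning in mysqli_real_escape_string on PHP 8.1+ and an empty id in the query). The enclosing `if` block is fully inside the hunk; the code before and after it is not.
```php
    $id = $_POST['id'] ?? '';
    $rooli = $_POST['rooli'];

    // Parameterised: the driver sends values separately from the SQL text,
    // so no escaping or charset assumptions are needed.
    $stmt = $conn->prepare("UPDATE kayttajat SET opettaja=? WHERE id=?;");
    $stmt->bind_param("ss", $rooli, $id);

    if ($stmt->execute()) {
        header("Location: " . $_SERVER['PHP_SELF']);
        exit();
    } else {
        // Keep driver error details out of the response; log them instead.
        error_log("admin.php role update failed: " . $stmt->error);
        echo "Virhe: roolin vaihto epäonnistui.";
    }

    $stmt->close();
    // … unchanged: closing brace of the if block …
```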