Осваиваю защиту от mysql инъекций.
Попробовал вот так вот сделать:
if (isset($_GET['delete'])) {
$order_id = $_GET['delete'];
$mysql = $mysql->prepare("DELETE FROM `tovars` WHERE order_id = '?' AND telegram_id = '?' ;");
$mysql->bind_param('ii', $order_id, $telegram_id);
$mysql->execute();
header('Location: tovars');
}
Выдает ошибку:
Fatal error: Uncaught ArgumentCountError: The number of variables must match the number of parameters in the prepared statement in C:\xampp\htdocs\worker\tovars.php:37 Stack trace: #0 C:\xampp\htdocs\worker\tovars.php(37): mysqli_stmt->bind_param('ii', '170193465', '301021306') #1 {main} thrown in C:\xampp\htdocs\worker\tovars.php on line 37
Простой
