为什么在此代码中的SQL语句下使用$ _POST变量被认为是错误的? :
<?php
session_start();
if($_SESSION["usuario"]==null){
header("Location: ../index.php?fail=1¬-authorized=1");
}
include 'connection.php';
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$sql = "UPDATE users SET email='".$_REQUEST["email"]."', password='".password_hash($_REQUEST["password"], PASSWORD_DEFAULT)."', timezone='".$_REQUEST["timezone"]."' WHERE configId='1'";
if (mysqli_query($conn, $sql)) {
header("Location: ../list-users.php?success=1&update=1");
} else {
echo "Error updating record: " . mysqli_error($conn);
}
mysqli_close($conn);
exit();
?>