I updated the original post after I relized I left out the db and functions.php
if you check it again you will see I secured the:
Code:
<form method='' action=''>
Code:
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
used mysqli also if you need the mysqli_connect();
Code:
<?php
define('DB_SERVER', 'localhost');
define('DB_USERNAME', 'root');
define('DB_PASSWORD', 'MagicCues90');
define('DB_DATABASE', 'shop');
$db = mysqli_connect(DB_SERVER,DB_USERNAME,DB_PASSWORD,DB_DATABASE);
?>
change password and database
Extra Note:
Code:
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
https://www.w3schools.com/php/showph...ion_escapechar