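/**
 * Write the current field values of $user to its row in the `user` table.
 *
 * Every value, including the id and the birth date, is sent as a bound
 * parameter. The previous version concatenated $id and $date_birth into
 * the SQL text without quoting, which left an injection path and made an
 * unquoted date such as 1990-01-01 evaluate as arithmetic in SQL.
 *
 * NOTE(review): assumes $this->db is a PDO connection (the replaced code
 * already called its quote()/exec() methods) - confirm.
 * NOTE(review): getHash() is presumably an already-hashed password, never
 * the plaintext - verify against the User class.
 *
 * Success is now judged by whether the statement executed, not by the
 * affected-row count: exec() returns 0 when the stored values are already
 * identical, which the old `if ($res)` check reported as a failure.
 *
 * If the connection runs in exception mode, a PDOException from
 * prepare()/execute() propagates to the caller, as it did with exec().
 *
 * @param User $user Entity whose id selects the row and whose getters supply the new values.
 *
 * @return mixed Whatever findById($id) returns on success, or the string
 *               "Internal Server Error" when the statement cannot be
 *               prepared or executed.
 */
public function update(User $user) {
    $id = $user->getId();

    $statement = $this->db->prepare(
        'UPDATE user SET login = :login, password = :password, email = :email, '
        . 'name = :name, surname = :surname, date_birth = :date_birth '
        . 'WHERE id = :id'
    );

    // In silent/warning error mode prepare() signals failure with false.
    if ($statement === false) {
        return "Internal Server Error";
    }

    $succeeded = $statement->execute([
        ':login'      => $user->getLogin(),
        ':password'   => $user->getHash(),
        ':email'      => $user->getEmail(),
        ':name'       => $user->getName(),
        ':surname'    => $user->getSurname(),
        // presumably a date string the column accepts - TODO confirm the getter's return type
        ':date_birth' => $user->getDateBirth(),
        ':id'         => $id,
    ]);

    if (!$succeeded) {
        // Generic message on purpose: driver error details are not returned to the caller.
        return "Internal Server Error";
    }

    return $this->findById($id);
}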