The variables in this script simply don't work, and it is driving me crazy; if anyone can help that would be great!
<?php
$db = mysql_connect('HOST', 'USER', 'PASS') or die('Could not connect: ' . mysql_error());
mysql_select_db('DBNAME') or die('Could not select database');

// Strings must be escaped to prevent SQL injection attack.
$name      = mysql_real_escape_string($_GET['name'], $db);
$score     = mysql_real_escape_string($_GET['score'], $db);
$QuestionN = mysql_real_escape_string($_GET['QuestionN'], $db);
$hash      = $_GET['hash'];
$num       = (int)$QuestionN;
// Note: escaping only protects quoted string literals. $var1 is used below as a
// column name and $var2 as an unquoted value, so neither is protected by escaping.
$var1 = mysql_real_escape_string($_POST['var1'], $db);
$var2 = mysql_real_escape_string($_POST['var2'], $db);

$secretKey = "SecretKey"; # Change this value to match the value stored in the client javascript below
$real_hash = md5($name . $score . $secretKey);

if ($real_hash == $hash) {
    $query = mysql_query("UPDATE Quiz1 SET " . $var1 . " = (1 + " . $var1 . ")" . " WHERE Question = " . $var2);
    //$query = mysql_query("UPDATE Quiz1 SET " . $score . " = (1 + ". $score .")". " WHERE Question = " . $QuestionN);
    //$query = mysql_query("UPDATE Quiz1 SET A = (1 + A ) WHERE Question = 1 ");
    $result = mysql_query($query) or die('Query failed: ' . mysql_error());
}
print($var1);
?>
Cleaned this up using PDO; better-practice PHP code for anyone who needs it.
<?php
// Configuration
$hostname = 'host';
$username = 'user';
$password = 'pass';
$database = 'DBNAME';

//$score = 'A' ;
$name      = $_GET['name'];
$score     = $_GET['score'];
$QuestionN = $_GET['QuestionN'];
$table     = $_GET['table'];
$hash      = $_GET['hash'];
$num       = (int)$QuestionN;

$secretKey = "SecretKey"; # Change this value to match the value stored in the client javascript below
$real_hash = md5($name . $score . $secretKey);

// $table and $score are used as SQL identifiers (table and column names). PDO
// placeholders cannot bind identifiers, so restrict them to known names before
// they are interpolated into the query (adjust the lists to your schema).
$allowedTables  = array('Quiz1');
$allowedColumns = array('A', 'B', 'C', 'D');
if (!in_array($table, $allowedTables, true) || !in_array($score, $allowedColumns, true)) {
    die('Invalid table or column');
}

// if($real_hash == $hash) {
try {
    $conn = new PDO('mysql:host=' . $hostname . ';dbname=' . $database, $username, $password);
    echo "Connected to database"; // check for connection
    //$dbh->exec("UPDATE Quiz1 SET $score = 1 WHERE Question = 1"); // THIS DOES NOT
    //$dbh->exec("UPDATE Quiz1 SET B = 1 WHERE Question = 1"); // THIS WORKS
    $conn->exec("SET CHARACTER SET utf8"); // Sets encoding UTF-8
    //$score = 'A';
    //$scoreB = 'A';
    $author = 'Imanda';
    //$id = 1 ;
    // query
    //$table = 'Quiz1';
    $sql = "UPDATE $table
            SET $score = ( 1 + $score)
            WHERE Question = ? ";
    $q = $conn->prepare($sql);
    $q->execute(array($QuestionN)); // the row selector is bound; the identifiers above were allow-listed
    //AddScore($dbh,'Quiz1','A','1');
}
catch (PDOException $e) {
    echo $e->getMessage();
}
// }
?>
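The PDO version above still interpolates `$table` and `$score` straight from `$_GET` into the SQL text; a `?` placeholder can bind a value but not an identifier, so a prepared statement alone does not close that hole. The following is an added example, not the asker's code, showing the allow-list approach together with a constant-time hash check. It assumes a table `Quiz1` with integer columns `A`..`D` and an integer `Question` column, and keeps the page's `md5(name . score . secretKey)` scheme so the existing client JavaScript still matches; the function names (`allowedIdentifier`, `hashIsValid`, `addScore`) and the column list are assumptions.

```php
<?php
// Added example (not the asker's code): a hardened version of the PDO update.
// Assumed schema: table Quiz1 with integer columns A..D and an integer Question column.
declare(strict_types=1);

// Identifiers (table and column names) cannot be bound with "?" placeholders,
// so they are checked against a fixed allow-list instead of being escaped.
const ALLOWED_TABLES  = ['Quiz1' => true];
const ALLOWED_COLUMNS = ['A' => true, 'B' => true, 'C' => true, 'D' => true];

function allowedIdentifier(string $value, array $allowList): string
{
    if (!isset($allowList[$value])) {
        throw new InvalidArgumentException('Identifier not permitted: ' . $value);
    }
    return $value;
}

// Same md5(name . score . key) construction as the page, so the client JavaScript
// still matches, but compared with hash_equals: constant time, and no loose "=="
// type juggling. Because the key also ships in the client JavaScript, this only
// catches accidental tampering; it is not an authentication control.
function hashIsValid(string $name, string $score, string $providedHash, string $secretKey): bool
{
    $expected = md5($name . $score . $secretKey);
    return hash_equals($expected, $providedHash);
}

// Increments the chosen answer column for one question; returns the rows updated.
function addScore(PDO $conn, string $table, string $column, int $question): int
{
    $table  = allowedIdentifier($table, ALLOWED_TABLES);
    $column = allowedIdentifier($column, ALLOWED_COLUMNS);
    // Identifiers are interpolated only after the allow-list check; the value is bound.
    $sql  = "UPDATE `$table` SET `$column` = `$column` + 1 WHERE Question = :q";
    $stmt = $conn->prepare($sql);
    $stmt->bindValue(':q', $question, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// --- HTTP entry point ---
$secretKey = 'SecretKey'; // placeholder value, as on the page

$name      = (string)($_GET['name'] ?? '');
$score     = (string)($_GET['score'] ?? '');
$table     = (string)($_GET['table'] ?? '');
$questionN = (int)($_GET['QuestionN'] ?? 0);
$hash      = (string)($_GET['hash'] ?? '');

if (!hashIsValid($name, $score, $hash, $secretKey)) {
    http_response_code(403);
    exit('Invalid hash');
}

try {
    // ERRMODE_EXCEPTION replaces the silent failures of the original; native
    // prepares leave quoting of the bound value to the driver, not to PHP.
    $conn = new PDO('mysql:host=host;dbname=DBNAME;charset=utf8mb4', 'user', 'pass', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
    $rows = addScore($conn, $table, $score, $questionN);
    echo $rows === 1 ? 'Score updated' : 'No matching question';
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo 'Bad request';
} catch (PDOException $e) {
    // Log driver detail server-side instead of echoing it to the client.
    error_log($e->getMessage());
    http_response_code(500);
    echo 'Database error';
}
```

The allow-list check lives inside `addScore` so no caller can reach the query with an unchecked identifier; the column set has to be edited to match the real schema, and any name not in it is rejected with a 400 rather than reaching the database.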
Answer 0 (score: 1)
You are using mysql_query in two places; it should only be in one place. Change
$query = mysql_query("UPDATE Quiz1 SET " . $var1 . " = (1 + ". $var1 .")". " WHERE Question = " . $var2);
$result = mysql_query($query) or die('Query failed: ' . mysql_error());
}
to
$query = "UPDATE Quiz1 SET " . $var1 . " = (1 + ". $var1 .")". " WHERE Question = " . $var2;
$result = mysql_query($query) or die('Query failed: ' . mysql_error());
}
Answer 1 (score: 0)
Be sure to consult the MySQL documentation to help you with your task.