Unable to update a MySQL table

Time: 2012-11-03 12:47:46

Tags: php mysql

I'm having a problem updating values in a database table called "answers", because it isn't updating the table. So, here is my code:

if(isset($_POST['marked']))
{
    $marked= $_POST['marked'];
    $command= "UPDATE Answers SET " .
        "SessionID=" . $_POST['SessionID'] . ", " .
        "TestID=" . $_POST['TestID'] . ", " .
        "QuesID=" . $_POST['QuesID'] . ", " .
        "A1=0, " .
        "A2=0, " .
        "A3=0, " .
        "A4=0, " .
        "A5=0, " .
        "A6=0, " .
        "AnswerText=\"\", " .
        "SortOrder='" . intval($_POST['Order']) . "' " .
        "marked=1".
        "WHERE SessionID=" . $_POST['SessionID'] .
        " AND QuesID=" . $_POST['QuesID'];
    $lolsql= mysql_query($command, $conn);
}

Whenever someone clicks marked (the submit button), I want to update the 'marked' field from 0 to 1. Could someone please help me. Thanks in advance :)

2 answers:

Answer 0 (score: 1)

Your code is extremely vulnerable to injection attacks, because you aren't sanitizing the input at all and are updating the database directly. Secondly, start using mysqli_() or PDO statements, as mysql_() is no longer maintained by the community.

At least use mysqli_real_escape_string() to sanitize your input.

Example

if(isset($_POST['whatever'])) {
  $holder = mysqli_real_escape_string ($connection, $_POST['value']);
}

Your query is a mess in any case; why are you using concatenation? Can't you simply write the query like this?

$query = "UPDATE table_name SET col_name = '$value', col_name2 = '$value2' ... WHERE ...";
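The same UPDATE written as a mysqli prepared statement, added here as an example (it is not code from the question or from either answer). It assumes the `Answers` columns from the question, a mysqli connection created with placeholder credentials, and that the POST fields are numeric IDs; the comma before `marked` and the space before WHERE, both missing in the question's concatenated string, are present here.

```php
<?php
// Added example, not the question's or either answer's code. Values from the
// request are sent as bound parameters, never spliced into the SQL text.
function markAnswer(mysqli $conn, array $post): int
{
    // Validate the numeric IDs before touching the database.
    foreach (['SessionID', 'TestID', 'QuesID', 'Order'] as $key) {
        if (!isset($post[$key]) || filter_var($post[$key], FILTER_VALIDATE_INT) === false) {
            throw new InvalidArgumentException("missing or non-numeric $key");
        }
    }

    $sql = 'UPDATE `Answers` SET `SessionID` = ?, `TestID` = ?, `QuesID` = ?, '
         . '`A1` = 0, `A2` = 0, `A3` = 0, `A4` = 0, `A5` = 0, `A6` = 0, '
         . '`AnswerText` = ?, `SortOrder` = ?, `marked` = 1 '
         . 'WHERE `SessionID` = ? AND `QuesID` = ?';

    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $conn->error);
    }

    $answerText = ''; // the question sets AnswerText to an empty string
    $sessionId = (int) $post['SessionID'];
    $quesId    = (int) $post['QuesID'];
    $testId    = (int) $post['TestID'];
    $order     = (int) $post['Order'];
    // Type string: i = integer, s = string, one letter per placeholder.
    $stmt->bind_param('iiisiii', $sessionId, $testId, $quesId,
                      $answerText, $order, $sessionId, $quesId);
    if (!$stmt->execute()) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }
    $affected = $stmt->affected_rows; // 0 means no row matched the WHERE clause
    $stmt->close();
    return $affected;
}

if (isset($_POST['marked'])) {
    // Placeholder credentials; replace with your own connection settings.
    $conn = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
    $conn->set_charset('utf8mb4');
    $rows = markAnswer($conn, $_POST);
    echo $rows === 0 ? 'no matching row' : "updated $rows row(s)";
}
```

Checking `affected_rows` separates "the statement failed" from "no row matched the WHERE clause", which is the symptom the question describes.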

Answer 1 (score: 1)

Full code:

<?php if(isset($_POST['marked'])) {

    $answer_text = "something here";

    $marked = mysql_real_escape_string($_POST['marked']);
    $session = mysql_real_escape_string($_POST['SessionID']);
    $test = mysql_real_escape_string($_POST['TestID']);
    $ques = mysql_real_escape_string($_POST['QuesID']);
    $answer = mysql_real_escape_string($answer_text);
    $order = intval(mysql_real_escape_string($_POST['Order']));

    mysql_query("
    UPDATE
        `Answers`

    SET
        `SessionID` = '$session',
        `TestID` = '$test',
        `QuesID` = '$ques',
        `A1` = 0,
        `A2` = 0,
        `A3` = 0,
        `A4` = 0,
        `A5` = 0,
        `A6` = 0,
        `AnswerText` = '$answer',
        `SortOrder` = '$order',
        `marked` = 1

    WHERE
        `SessionID` = '$session'
        AND
            `QuesID` = '$ques';
    ") or die("Error: " . mysql_error());

}?>

If you'd rather have the query on one line:

mysql_query("UPDATE `Answers` SET `SessionID` = '$session', `TestID` = '$test', `QuesID` = '$ques', `A1` = 0, `A2` = 0, `A3` = 0, `A4` = 0, `A5` = 0, `A6` = 0, `AnswerText` = '$answer', `SortOrder` = '$order', `marked` = 1 WHERE `SessionID` = '$session' AND `QuesID` = '$ques';") or die("Error: " . mysql_error());

If you still run into problems, this script will return an error starting with Error:. You may have missed one of the columns.