动态更新的复选框

时间:2014-11-05 11:17:02

标签: php mysql ajax

我有一个复选框,可以在使用PHP和Ajax检查/取消选中时动态更新MySQL数据库。

我现在正在尝试传递用户名,以便Ajax脚本可以使用用户全名更新数据库。

我将名称保存在名为$ full_name的变量中。我似乎无法让这个工作。请参阅以下代码:

使用Javascript:

<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
<script>
function chkit(uid, chk) {
    chk=document.getElementById("chk").checked;

    $.ajax({
      type: 'GET',
      url: 'ajax.php',
      data: { chkYesNo: chk, record_id: uid, full_name: user},
      success:function(data){
        // successful request; do something with the div background color
        if(data==1)
        { 
            $("#replace").addClass("checked_div_status").removeClass("replace");//removing first class and adding second class
        }
        else
        {
            $("#replace").addClass("replace").removeClass("checked_div_status");//removing second class and adding first class
        }
      }
    });
}
</script>

HTML:

<?php

$record_id = $_GET['veh_id'];
include '../dbconnect.php';
//fetching data from database
$select=mysql_fetch_array(mysql_query("select invoice_checked from vehicle_details where veh_id = '$record_id' "));
?>

<!--The checkbox whose enable to change div his background color and onclick call function to update database-->

<table width=“100%”>

<td id="replace2" class="<?php if($select['invoice_checked']==1) { echo 'checked_div_status2'; } else{ echo 'replace2'; } ?>">
<input name="chk2" type="checkbox" id="chk2" value="1" onclick="chkit2(<?php echo $record_id;?>,'chk2');" <?php if($select['invoice_checked']==1) { echo 'checked'; } else{ echo ''; } ?> />
&nbsp;Invoice Checked
</td>

</table>

Ajax.php:

<?php
mysql_connect("server", "username", "password") or die("Could not connect: " . mysql_error());
mysql_select_db("database");
//here $get variable receive checkbox value true(1) either false(0)
$get=$_GET['chkYesNo'];
//here $get_id variable receive value of current id that you passed
$get_id=$_GET['record_id'];
$get_user=$_GET['full_name'];
if($get=="true")
{
    $mysql_query=mysql_query("update vehicle_details set hpi_registered='1', check_user='".$get_user."' where veh_id='".$get_id."'");
    $select=mysql_fetch_array(mysql_query("select hpi_registered from vehicle_details where veh_id='".$get_id."'"));
    echo $select['hpi_registered'];
}
else
{
    $mysql_query=mysql_query("update vehicle_details set hpi_registered='0', check_user='0' where veh_id='".$get_id."'");
    $select=mysql_fetch_array(mysql_query("select hpi_registered from vehicle_details where veh_id='".$get_id."'"));
    echo $select['hpi_registered'];
}

?>

任何帮助都会受到极大的欢迎。

谢谢,

约翰

1 个答案:

答案 0 :(得分:1)

为您调试一些东西。请检查我的评论:

// Do not need to replicate your code, if the same things happens in it.
//instead, use a condition to set your variables, and use these variables later.
if ($get == "true") {
    $hpi_registered = 1;
    //Escape your variable to avoid sql injection
    $checkUser = mysqli_real_escape_string($conn, $_GET["full_name"]);
} else {
    $hpi_registered = 0;
    $checkUser = 0;
}

//Store your query in a variable, so you can debug / dump it
//Let's dump it, see, what is your query, and try to run in directly in sql.
//Maybe it has syntax error.
$sql = "UPDATE vehicle_details SET"
    . " hpi_registered='" . intval($hpi_registered) . "',"
    . " check_user='" . $checkUser . "'"
    . " WHERE veh_id='" . intval($get_id) . "'";
mysqli_query($conn, $sql);
//What happens, if you run it directly in sql? If this fails, now here is your
//error.

$sql = "SELECT hpi_registered"
    . " FROM vehicle_details"
    . " WHERE veh_id='" . intval($get_id) . "'";
//Do the same like previous query.
$res = mysqli_query($conn, $sql);
$select = mysqli_fetch_array($res);

echo $select['hpi_registered'];
  • 不要使用mysql函数,因为它们已被弃用。请改用mysqliPDO

  • 通过转义变量来避免sql注入。