即时通讯与我的PHP代码有一些问题

时间:2014-12-15 13:56:19

标签: php mysql sql-update

由于某种原因我的代码如果mysql中已经存在user_cardname,它不会更新它,而是放置一个新的。 

 <?php
require_once("config.php");
$auth_host = $GLOBALS['auth_host'];
$auth_user = $GLOBALS['auth_user'];
$auth_pass = $GLOBALS['auth_pass'];
$auth_dbase = $GLOBALS['auth_dbase'];
$user_name = stripslashes($_POST['username']);
$user_donateamount = intval($_POST['DonateAmount']);
$user_cardname = stripslashes($_POST['CardName']);
$result = "fail";
$db = mysql_connect($auth_host, $auth_user, $auth_pass) or die (mysql_error());
if (mysql_select_db($auth_dbase,$db)) {
    if ($sql = mysql_query("SELECT * FROM user WHERE name = '" . mysql_real_escape_string($user_name) . "'")) {
        if ($row = mysql_fetch_array($sql)) {
            if ($user_donateamount <= $row['credits']) {
                if ($sql1 = mysql_query("SELECT * FROM scores WHERE name = '" . mysql_real_escape_string($user_cardname) . "'")) {
                    if($row = mysql_fetch_array($sql)) {
                        if (mysql_query("UPDATE scores SET score = score + $user_donateamount WHERE name = '" . mysql_real_escape_string($user_cardname) . "'")) {
                            mysql_query("UPDATE user SET credits = credits - $user_donateamount WHERE name = '" . mysql_real_escape_string($user_name) . "'");
                            $result = "success";
                        }
                    } else {
                        if (mysql_query("INSERT INTO scores (name,score) VALUES ('". mysql_real_escape_string($user_cardname) ."', $user_donateamount)")) {
                            mysql_query("UPDATE user SET credits = credits - $user_donateamount WHERE name = '" . mysql_real_escape_string($user_name) . "'");
$result = "success";
                        }
                    }
                }
            }
        }
    }
}
mysql_close($db);
echo $result;

这就是假设发生的事情:

这是运行此php文件的代码的html版本

https://www.dropbox.com/s/lhxwgzzgsl79h0r/testform.html?dl=0 谢谢

1 个答案:

答案 0 :(得分:0)

那是因为你在第六个if语句中使用了错误的$sql源。将其更改为:

if($row = mysql_fetch_array($sql1)) {

所以你会得到这个:

if (mysql_select_db($auth_dbase,$db)) {
    if ($sql = mysql_query("SELECT * FROM user WHERE name = '" . mysql_real_escape_string($user_name) . "'")) {
        if ($row = mysql_fetch_array($sql)) {
            if ($user_donateamount <= $row['credits']) {
                if ($sql1 = mysql_query("SELECT * FROM scores WHERE name = '" . mysql_real_escape_string($user_cardname) . "'")) {
                    if($row = mysql_fetch_array($sql1)) {
                        if (mysql_query("UPDATE scores SET score = score + $user_donateamount WHERE name = '" . mysql_real_escape_string($user_cardname) . "'")) {
                            mysql_query("UPDATE user SET credits = credits - $user_donateamount WHERE name = '" . mysql_real_escape_string($user_name) . "'");
                            $result = "success";
                        }
                    } else {
                        if (mysql_query("INSERT INTO scores (name,score) VALUES ('". mysql_real_escape_string($user_cardname) ."', $user_donateamount)")) {
                            mysql_query("UPDATE user SET credits = credits - $user_donateamount WHERE name = '" . mysql_real_escape_string($user_name) . "'");
                            $result = "success";
                        }
                    }
                }
            }
        }
    }
}

是的,杰伊布兰查德是对的。你不应该再使用mysql_*了。请阅读评论。

相关问题
最新问题