I have created a table to display the top 10 high scores for a game by the users. i am trying to create a form which allows the user to enter their new high score in the form, hit submit, then the database is updated and the new leaderboard with the newly entered high score is displayed. but when i go to change the high score the database isnt updated and the table doesnt change. this is really frustraiting me and if anyone knows why this could be happening and could give some advice that would be great. my code is below/
<?php
class DatabaseManager
{
private $servername = "localhost";
private $username = "root";
private $password = "";
private $dbname = "sokodatabase";
private $dbc;
function __construct() {
$this->dbc = mysqli_connect($this->servername, $this->username, $this->password, $this->dbname);
}
function __destruct() {
mysqli_close($this->dbc);
}
public function SelectHighScores(){
// Create a query for the database
$query = "
SELECT username, highScores, rankNo
FROM users, leaderboardhighscores
WHERE users.id = leaderboardhighscores.userId
ORDER BY highScores desc
LIMIT 10";
// Get a response from the database by sending the connection
// and the query
$response = @mysqli_query($this->dbc, $query);
// If the query executed properly proceed
if($response){
echo '<table>
<tr><td><b>Rank</b></td>
<td><b>Username</b></td>
<td><b>High Score</b></td></tr>';
// mysqli_fetch_array will return a row of data from the query
// until no further data is available
while($row = mysqli_fetch_array($response)){
echo '<tr><td>' .
$row['rankNo'] . '</td><td>' .
$row['username'] . '</td><td>' .
$row['highScores'] . '</td><td>';
echo '</tr>';
}
echo '</table>';
} else {
echo "Couldn't issue database query<br />";
}
}
}
?>
my html with php to create form...
<div class = "leaderboard">
<?php
// Get a connection for the database
require_once('../sokodatabase.php');
$manager = new DatabaseManager;
$manager->SelectHighScores();
//if(isset($_POST['submit'])){
//require_once('../sokodatabase.php');
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$query = "
UPDATE leaderboardHighScores
SET highScores=".$_POST["highScores"].", rankNo=".$_POST["rankNo"]."
WHERE userId=".$_POST["userId"];
//var_dump($_POST);
//echo $query;
@mysqli_query($this, $query);
}
//}
?>
<form method="post" action="highScores.php">
high score <input type="text" name="highScores"/>
rankNo <input type="text" name="rankNo"/>
userId <input type="text" name="userId"/>
<input type="submit" value="Submit">
</form>
</div>
答案 0 :(得分:2)
首先,对于安全措施,始终在用于查询之前清理用户输入。
其次,你也不需要@之前的mysqli_query - 除非你试图压制该函数抛出的任何和所有的错误/警告。
第三,尝试为SQL使用相同的案例;您在课程中使用了leaderboardhighscores,然后在代码的第二部分使用了leaderboardHighScores;我不知道哪个是数据库中的真实姓名,但是对于前者是假设的,因为这就像你说的那样工作。我这样说是因为区分大小写可能会导致问题,请在此问题上阅读MySQL docs。
第四,你在一个没有任何意义的页面上使用$this之外的一个类(如果不是另一个)。
将此功能添加到DatabaseManager类:
public function SetHighScores($uid, $score, $rank) {
$uid = mysql_real_escape_string($uid);
$score = mysql_real_escape_string($score);
$rank = mysql_real_escape_string($rank);
$query = "UPDATE leaderboardhighscores SET highScores='{$score}', rankNo='{$rank}' WHERE userId='{$uid}';";
return mysqli_query($this->dbc, $query);
}
然后这会出现在你的页面上:
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$manager->SetHighScores($_POST['userId'], $_POST['highScores'], $_POST['rankNo']);
}
另外,你应该研究PDO_MYSQL,这是一个更好的选择,但我明白你所做的事情对我学习基础知识有好处。
答案 1 :(得分:1)
试试这个
$result = mysqli_query($manager->dbc, $query);
if ( ! $result ) {
echo 'Error code '
. mysqli_errno($manager->dbc)
. ' Error message '
. mysqli_error($manager->dbc);
}
因为$ manager是在正在执行的代码范围内保存DatabaseManager类的对象实例的变量,并且该对象具有包含数据库连接句柄的名为dbc的属性。
正如@ x3ns在他/她的评论中所说,你还需要像这样更改DatabaseManager代码
class DatabaseManager
{
private $servername = "localhost";
private $username = "root";
private $password = "";
private $dbname = "sokodatabase";
public $dbc; //<-- change here
这样您就可以从对象本身外部访问该属性。
这是一个快速修复,但说实话,你最好停下来阅读@ x3ns的答案并应用大部分(如果不是全部)他/她的建议。
虽然我想再添加一个。
直接从类方法生成输出是非常糟糕的做法,就像在public function SelectHighScores()
直接从方法回显完全破坏了子类化和修改该方法活动的能力。将输出生成为变量并返回该变量要好得多。然后,如果我想继承你的方法,我可以选择以某种方式修改它的结果。
答案 2 :(得分:-1)
尝试替换:
@mysqli_query($this, $query);
使用:
@mysqli_query($this->dbc, $query);