需要向此文件添加count(*)和if语句

时间:2015-09-20 11:47:24

标签: php mysql count

当我将SELECT *更改为SELECT count(*)时,脚本会完全停止工作。如果$ user> = 20的行数允许INSERT,则如何向此文件和语句添加计数(*)。

// Include needed files

include 'mysql.php';

// Connect to MySQL

connectMySQL();

//****** SECURITY CHECK *********

session_start();
if(isset($_SESSION['userid'])){
$user = mysql_real_escape_string($_SESSION['userid']); 

//*******************************

  // Retrieves variables through AJAX

$favid = mysql_real_escape_string($_GET['favid']);
// $favid = mysql_real_escape_string($_GET['favid']);

// Firstly, check if article is favourite or not

$query = mysql_query("SELECT * FROM ajaxfavourites WHERE user='$user' AND  favid='$favid'");
$matches = mysql_num_rows($query);

// If it is not favourited, add as favourite

if($matches == '0'){
mysql_query("INSERT INTO ajaxfavourites (user, favid, exptime) VALUES ('$user', '$favid', CURRENT_TIMESTAMP)");

echo "";
}


// Instead, if it is favourited, then remove from favourites

if($matches != '0'){
mysql_query("DELETE FROM ajaxfavourites WHERE user='$user' AND favid='$favid'");

echo "";
}

} else {

// Someone tries to directly access the file!

echo "Invalid session!";

}

谢谢!

2 个答案:

答案 0 :(得分:0)

尝试使用下面的查询,如果请求的用户会话将是20+,则使用下面的查询然后只有insert语句将执行else insert语句将被忽略。

INSERT INTO ajaxfavourites(USER,favid ,exptime)  
SELECT  1 AS USER, 1 AS favid, NOW() AS exptime
FROM ajaxfavourites WHERE USER=1  HAVING COUNT(*) >=20;

答案 1 :(得分:0)

请执行必要的步骤以避免SQL注入,同时尝试使用mysqli_*函数而不是mysql_*函数

$query = mysql_query("SELECT COUNT(*) as cnt FROM ajaxfavourites WHERE user='$user' AND  favid='$favid'");
$res = mysql_fetch_array($query);

// If it is not favourited, add as favourite

if($res[cnt] == 0){
    mysql_query("INSERT INTO ajaxfavourites (user, favid, exptime) VALUES ('$user', '$favid', CURRENT_TIMESTAMP)");

    echo "";
}

// Instead, if it is favourited, then remove from favourites

if($res[cnt] > 0){
    mysql_query("DELETE FROM ajaxfavourites WHERE user='$user' AND favid='$favid'");

    echo "";
}