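<?php
// AJAX endpoint that edits or deletes one row of wp_wpdatatable_1.
//
// Expects a POST body with `action` ('edit' or 'delete') and `wdt_ID`; for
// 'edit' it also reads country, city, for, title, details, price, email,
// phone and photo. Every value reaches MySQL through a bound parameter, so
// nothing is escaped or quoted by hand (the old string-built queries left
// wdt_ID unescaped, padded every value with spaces inside the quotes, and
// used the reserved word `for` unquoted). The received input is echoed back
// as JSON, as before.
//
// NOTE(review): no authorisation check is visible here (no WordPress nonce or
// capability check); confirm access is gated before this file is reached.
// NOTE(review): the database credentials are hard-coded; they belong in
// configuration, not in the script.
$connect = mysqli_connect('localhost', 'root', 'samagulf', 'wordpress');
if ($connect === false) {
    http_response_code(500);
    exit('Database connection failed: ' . mysqli_connect_error());
}

// filter_input_array() returns null when there is no POST data at all.
$input = filter_input_array(INPUT_POST) ?: [];
$action = $input['action'] ?? '';

// wdt_ID is the row key; accept only an integer (false when missing/invalid).
// NOTE(review): assumes wdt_ID is an integer column — confirm against the table.
$wdtId = filter_var($input['wdt_ID'] ?? null, FILTER_VALIDATE_INT);

if ($action === 'edit') {
    if ($wdtId === false) {
        http_response_code(400);
        exit('Missing or invalid wdt_ID');
    }

    // `for` is a reserved word in MySQL and must be backtick-quoted.
    $stmt = mysqli_prepare(
        $connect,
        'UPDATE wp_wpdatatable_1
         SET country = ?, city = ?, `for` = ?, title = ?, details = ?,
             price = ?, email = ?, phone = ?, photo = ?
         WHERE wdt_ID = ?'
    );
    if ($stmt === false) {
        http_response_code(500);
        exit('Failed to prepare update: ' . mysqli_error($connect));
    }

    // A missing field is stored as an empty string, as the old code did when
    // an absent value was escaped to ''.
    $country = (string) ($input['country'] ?? '');
    $city    = (string) ($input['city'] ?? '');
    $for     = (string) ($input['for'] ?? '');
    $title   = (string) ($input['title'] ?? '');
    $details = (string) ($input['details'] ?? '');
    $price   = (string) ($input['price'] ?? '');
    $email   = (string) ($input['email'] ?? '');
    $phone   = (string) ($input['phone'] ?? '');
    $photo   = (string) ($input['photo'] ?? '');

    // Ten placeholders: nine string columns plus the integer row key.
    mysqli_stmt_bind_param(
        $stmt,
        'sssssssssi',
        $country, $city, $for, $title, $details, $price, $email, $phone, $photo, $wdtId
    );
    if (!mysqli_stmt_execute($stmt)) {
        http_response_code(500);
        exit('Failed to update: ' . mysqli_stmt_error($stmt));
    }
    mysqli_stmt_close($stmt);
}

if ($action === 'delete') {
    if ($wdtId === false) {
        http_response_code(400);
        exit('Missing or invalid wdt_ID');
    }

    $stmt = mysqli_prepare($connect, 'DELETE FROM wp_wpdatatable_1 WHERE wdt_ID = ?');
    if ($stmt === false) {
        http_response_code(500);
        exit('Failed to prepare delete: ' . mysqli_error($connect));
    }
    mysqli_stmt_bind_param($stmt, 'i', $wdtId);
    if (!mysqli_stmt_execute($stmt)) {
        http_response_code(500);
        exit('Failed to delete: ' . mysqli_stmt_error($stmt));
    }
    mysqli_stmt_close($stmt);
}

mysqli_close($connect);

// Echo the received input back, as the original endpoint did.
header('Content-Type: application/json');
echo json_encode($input);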
在这里使用预处理语句（prepared statement）。这将解决您遇到的问题（例如引号的处理），同时也能防止 SQL 注入。注意：使用预处理语句时不再需要对值进行转义，转义已无必要。
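// Prepared-statement version of the UPDATE: every value is bound, so no
// mysqli_real_escape_string() call and no quoting in the SQL text are needed.
// `for` is a MySQL reserved word and must be backtick-quoted, and each column
// assignment must be separated by a comma (the original SQL was missing the
// commas before phone and photo).
$stmt = $connect->prepare(
    'UPDATE wp_wpdatatable_1
     SET country = ?, city = ?, `for` = ?, title = ?, details = ?,
         price = ?, email = ?, phone = ?, photo = ?
     WHERE wdt_ID = ?'
);
if ($stmt === false) {
    // prepare() returns false on older mysqli error modes; newer PHP throws instead.
    echo 'Failed to update: ' . $connect->error;
} else {
    // Ten placeholders need ten type characters: nine strings plus the row key.
    // NOTE(review): assumes wdt_ID is an integer column — confirm against the table.
    $wdtId = (int) $input['wdt_ID'];
    $stmt->bind_param(
        'sssssssssi',
        $country, $city, $for, $title, $details, $price, $email, $phone, $photo, $wdtId
    );
    if ($stmt->execute()) { // true on success, false on failure
        echo 'Updated';
    } else {
        echo 'Failed to update: ' . $connect->error;
    }
    $stmt->close();
}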