以下代码假定idno(主键)继续并从1开始 但是,我将id设置为自动增量和删除 随着时间的推移,idno可能不会从1开始,可能会停止 如何修改代码以应对这种情况?
jQuery的:
$(document).ready(function(){
function slideout(){
setTimeout(function(){
$("#response").slideUp("slow", function () {
});
}, 2000);
}
$("#response").hide();
$(function() {
$("#list ul").sortable({ opacity: 0.8, cursor: 'move', update: function() {
var order = $(this).sortable("serialize") + '&update=update';
$.post("updateList.php", order, function(theResponse){
$("#response").html(theResponse);
$("#response").slideDown('slow');
slideout();
});
}
});});});
HTML
<body>
<div id="container">
<div id="list">
<div id="response"> </div>
<ul>
<?php
include("connect.php");
// $query = "SELECT id, text FROM dragdrop ORDER BY listorder ASC";
$query = "SELECT id, name, type FROM project_list ORDER BY 'order' ASC";
$result = mysql_query($query);
while($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
$id = stripslashes($row['id']);
$name = stripslashes($row['name']);
$type = stripslashes($row['type']);
?>
<li id="arrayorder_<?php echo $id ?>"> <?php echo $name?> <?php echo $type; ?>
<div class="clear"></div>
</li>
<?php
}
?>
</ul>
</div>
</div>
</body>
updateList.php
<?php
include("connect.php");
$array = $_POST['arrayorder'];
if ($_POST['update'] == "update") {
$count = 1;
foreach ($array as $idval) {
$query = "UPDATE project_list SET 'order' = " . $count . " WHERE id = " . $idval;
mysql_query($query) or die('Error, insert query failed');
$count ++;
}
echo 'Updated!';
}
?>
答案 0 :(得分:0)
你有一个SQL注入漏洞(我听说SONY正在招聘)。
将最后一个代码块更改为:
<?php
include("connect.php");
$array = mysql_real_escape_string($_POST['arrayorder']);
if ($_POST['update'] == "update"){
$count = 1;
foreach ($array as $idval) {
$query = "UPDATE project_list SET `order` = '$count' WHERE id = '$idval'";
mysql_query($query) or die('Error, update query failed');
$count ++;
}
echo 'Updated!';
}
?>
这将修复SQL注入漏洞。请注意,用'单引号括起注入的字段至关重要,否则mysql_real_escape_string()将无效!
order之类的保留字也需要用反引号`括起来,而不是单引号。