限制插入DB,PHP / AJAX的条目数

时间:2011-07-01 22:14:10

标签: php mysql ajax

我目前正在尝试构建一个功能,我的网站上的用户可以解决3个不同的兴趣。我的兴趣是使用AJAX插入到数据库中,我的脚本在下面......

形式:

<div id="insert_response"></div>
<form action="javascript:insert()" method="post">
<input name="useridint" type="hidden" id="useridint" value="<?php echo $usersClass->userID(); ?>"/>

AJAX:

function createObject() {
var request_type;
var browser = navigator.appName;
if(browser == "Microsoft Internet Explorer"){
request_type = new ActiveXObject("Microsoft.XMLHTTP");
}else{
request_type = new XMLHttpRequest();
}
return request_type;
}

var http = createObject();
/* -------------------------- */
/* INSERT */
/* -------------------------- */
/* Required: var nocache is a random number to add to request. This value solve an Internet Explorer cache issue */
var nocache = 0;
function insert() {
// Optional: Show a waiting message in the layer with ID login_response
document.getElementById('insert_response').innerHTML = "Just a second..."
// Required: verify that all fileds is not empty. Use encodeURI() to solve some issues about character encoding.
var useridint= encodeURI(document.getElementById('useridint').value);
var interest = encodeURI(document.getElementById('interest').value);
// Set te random number to add to URL request
nocache = Math.random();
// Pass the login variables like URL variable
http.open('get', 'upd_interests.php?useridint= '+useridint+'&interest=' +interest+'&nocache = '+nocache);
http.onreadystatechange = insertReply;
http.send(null);
}
function insertReply() {
if(http.readyState == 4){ 
var response = http.responseText;
// else if login is ok show a message: "Site added+ site URL".
document.getElementById('insert_response').innerHTML = response;
}
}

PHP:

<?php require 'config.inc.php'; ?>

<!-- Verify if user exists for login -->
<?php
if(isset($_GET['useridint']) && isset($_GET['interest'])){

$url= $_GET['useridint'];
$sitename= $_GET['interest'];

$insertSite_sql = "INSERT INTO user_interests (user_id, interest) VALUES('{$url}' , '{$sitename}')";
$insertSite= mysql_query($insertSite_sql) or die(mysql_error());

echo $sitename;
} else { 
echo 'Error! Please fill all fileds!';
}
?>

我要问的是,我是否有可能在每个用户的数据库中只有3条记录?因此,一旦用户输入3行,他就不能再输入更多内容了?如果是这样,最好的选择是什么?

由于

为了回应@Daniel的建议,我尝试了以下只是现在没有插入...... 

$res = mysql_query("select count(*) as cnt from user_interests where user_id=$useridint")
while($r=mysql_fetch_array($res))
{
if($r["cnt"] < 3)
{
if(isset($_GET['useridint']) && isset($_GET['interest'])){

$url= $_GET['useridint'];
$sitename= $_GET['interest'];

$insertSite_sql = "INSERT INTO user_interests (user_id, interest) VALUES('{$url}' , '{$sitename}')";
$insertSite= mysql_query($insertSite_sql) or die(mysql_error());

echo $sitename;
} else { 
echo 'Error! Please fill all fileds!';
}
}
  else
{
 echo "you have 3 ";
}
}

3 个答案:

答案 0 :(得分:1)

跑步。还有一个好主意是逃避用户输入。以防万一用户决定他最喜欢的网站;删除数据库 - ; 

$res = mysql_query("select count(*) as cnt from user_interests where user_id=$useridint")
while($r=mysql_fetch_array($res))
{
  if($r["cnt"] < 3)
  {
     insert
  }
  else
  {
     error
  }
}

答案 1 :(得分:0)

你应该在触发器上使用存储过程,与任何PHP控件相比,它将更快(没有额外的查询和提取)并且更安全(无法被错误地绕过)。试试这种代码:

CREATE TRIGGER myTrigger ON user_interests
BEFORE INSERT AS

    DECLARE @rowcount tinyint
    SELECT @rowcount = (SELECT COUNT(*) FROM user_interests, inserted
                                                        WHERE user_id=:new.user_id

    IF @rowcount > 3
    BEGIN
         RAISERROR ('The maximum number of interests has been reached')
    END;

GO

我没有尝试代码,但这应该非常适合您的需求。

答案 2 :(得分:0)

$insertSite_sql = "
    INSERT INTO user_interests (user_id, interest)
    SELECT '{$url}' , '{$sitename}'
    FROM (SELECT 1) AS dummy
    WHERE ( SELECT COUNT(*)
            FROM user_interests
            WHERE user_id = '{$url}'
          ) < 3
";

这很容易被修改,因此用户对允许保存的兴趣有不同的限制。

相关问题
最新问题