我正在尝试todo是制作一个高分页面,每次更新我希望它进入相同的条目,所以如果用户名是重复我希望它用当前信息更新,然后发布信息,之后看着互联网上的一些东西我尝试了下面的代码,这给了我错误列数与第1行的值计数不匹配。任何人都可以告诉我我做错了,因为我是PHP + MySql的新手。
mysql_query("INSERT INTO $table(Username, Time, Videos, Credits) VALUES ('$user', '$time', '$videos', '$credits',
'ON DUPLICATE KEY UPDATE', Time='Time+$time', Videos='Videos+$videos', Credits='Credits+$credits')", $conn);
答案 0 :(得分:6)
语法不正确,您正在传递'on duplicate update'并将其规则作为插入值的值。正确的查询将是
mysql_query("
INSERT INTO
$table(Username, Time, Videos, Credits)
VALUES
('$user', '$time', '$videos', '$credits')
ON DUPLICATE KEY UPDATE
Time=Time+'$time',
Videos=Videos+'$videos',
Credits=Credits+'$credits'
",
$conn
);
答案 1 :(得分:1)
此代码是SQL注入的噩梦。
确保根据白名单检查动态表名称,如下所示:
$user = mysql_real_escape_string($_GET['user']);
$time = mysql_real_escape_string($_GET['time']);
$videos = mysql_real_escape_string($_GET['videos']);
$credits = mysql_real_escape_string($_GET['credits']);
$allowed_tables = array('table1', 'table2');
$table = $_POST['table'];
$query = ""; //do nothing
if (in_array($table, $allowed_tables)) { //<<-- check against whitelist.
$query = "
INSERT INTO
$table(Username, Time, Videos, Credits)
VALUES
('$user', '$time', '$videos', '$credits')
ON DUPLICATE KEY UPDATE
Time=Time+'$time',
Videos=Videos+'$videos',
Credits=Credits+'$credits'
"
}
mysql_query($query, $con);