评分正确的记录PHP SQL
[英]Rating correct record PHP SQL
问题描述
I have no idea how to make "plus / minus" rating to the correct record, I tried to do this in while loop, which shows all the records, but it's rating only the first record. 
我不知道如何对正确的记录进行“正/负”评级,我试图在while循环中执行此操作,该循环显示了所有记录,但仅对第一条记录进行了评级。 How to refer to correct record? 如何参考正确的记录? I'm newbie in PHP. 我是PHP的新手。 Here's my code: 这是我的代码:
if (isset($_GET['najstarsze']))
{
$sql = "SELECT * FROM wpisy ORDER BY id";
}
else
{
$sql = "SELECT * FROM wpisy ORDER BY id DESC";
}
$stmt = $db->query($sql);
$stmt->execute();
$stmt->setFetchMode(PDO::FETCH_ASSOC);
if($stmt->rowCount() > 0){
while($row = $stmt->fetch()){
echo "
<div class='data'>
".$row['data']."
</div><br>
<div class='daneautora'>
<b>Ocena: </b>".$row['ocena']."<br>
<b>Nr: </b>".$row['id']."<br>
<b>Nick: </b>".$row['nick']."<br>
<b>E-mail: </b>".$row['email']."<br>
<b>Wpis: </b><br></div>
<div class='suchar'>
<p>
".$row['tresc']."
</p>
</div>
<div class='ocena'>
<p><a href='index.php?plus=true'>+</a> <a href='index.php?minus=true'>-</a></p>
</div>
<hr>
";
if (isset($_GET['plus']))
{
$sql = "UPDATE wpisy SET ocena = ocena + 1 WHERE id = ".$row['id']."";
$stmt = $db->query($sql);
$stmt->execute();
}
else
{
if (isset($_GET['minus']))
{
$sql = "UPDATE wpisy SET ocena = ocena - 1 WHERE id = ".$row['id']."";
$stmt = $db->query($sql);
$stmt->execute();
}
}
}
}
2 个解决方案
解决方案1
2 已采纳 2017-01-07 19:00:45
You need to update the link so it has a reference to the record you want to update. 您需要更新链接,以便它具有要更新的记录的引用。 Try: 尝试:
index.php?plus=true&id=' . $row['id']
You also probably want to update the isset to include this new parameter as well. 您可能还希望更新isset使其也包含此新参数。
if (isset($_GET['plus'], $_GET['id']))
Then you need to use prepared statements with parameterized queries so you aren't susceptible to SQL injections. 然后,您需要对参数化查询使用准备好的语句,这样就不会受到SQL注入的影响。 Here's an example: 这是一个例子:
$sql = "UPDATE wpisy SET ocena = ocena + 1 WHERE id = ?";
$stmt = $db->prepare($sql);
$stmt->execute(array($_GET['id']));
Also when using query() you don't need execute() , that executes as well. 同样,当使用query()您也不需要execute() 。 The execute is to execute a prepared statement. execute是执行准备好的语句。
PDOStatement::execute — Executes a prepared statement
- http://php.net/manual/en/pdostatement.execute.php -http://php.net/manual/en/pdostatement.execute.php
解决方案2
0 2017-01-07 18:44:21
- You need to move your block where you're setting rating (
if (isset($_GET['plus']))...) outsidewhileblock您需要将设置评分( if (isset($_GET['plus']))...)的块移动到while块外 - Use parameter binding instead of passing variable right in SQL query string to avoid SQL injection. 使用参数绑定而不是在SQL查询字符串中正确传递变量,以避免SQL注入。
There is nice PDO tutorial 有一个不错的PDO教程
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.