[英]SQL Insert and Delete query through AJAX
I am trying send insert and delete sql queries using AJAX and PHP. 我正在尝试使用AJAX和PHP发送插入和删除SQL查询。 I have checked the network tab of developer tools and I can see that when I click the input it successfully retrieves the values so the main issue I am having is inserting these values into the DB and deleting values from the DB.
我已经检查了开发人员工具的“网络”选项卡,并且可以看到,当我单击输入时,它成功检索到了值,所以我遇到的主要问题是将这些值插入到数据库中并从数据库中删除了值。
EDIT: No error messages return in regards to my SQL query so I am unsure whats happening. 编辑:关于我的SQL查询没有错误消息返回,所以我不确定发生了什么。
Here is my HTML and JQUERY code: 这是我的HTML和JQUERY代码:
$(document).ready(function() { $("#favbut").click(function() { var username = $("#usernamefav").val(); var lid = $("#lidfav").val(); var favourite = $("#favouritefav").val(); $.ajax({ url: "fave.php", type: "post", dataType: "json", data: { username: username, lid: lid, favourite: favourite } }); }); $("#unfavbut").click(function() { var username = $("#usernameunfav").val(); var lid = $("#lidunfav").val(); var favourite = $("#favouriteunfav").val(); $.ajax({ url: "unfave.php", type: "post", dataType: "json", data: { username: username, lid: lid, favourite: favourite } }); }); });
<input type="hidden" name="username" id="usernamefav" value='.$user.'> <input type="hidden" name="lid" id="lidfav" value='.$lid.'> <input type="hidden" name="favourite" id="favouritefav" value=YES> <input class="favButt fav" id="favbut" type="submit" name="faveBTN" value="Fave">'; <input type="hidden" name="username" id="usernameunfav" value='.$user.'> <input type="hidden" name="lid" id="lidunfav" value='.$lid.'> <input type="hidden" name="favourite" id="favouriteunfav" value=YES> <input class="favButt unfav" id="unfavbut" type="submit" name="unfaveBTN" value="unFave">';
Here is the php files: 这是php文件:
<?php
if(isset($_POST['favbut'])){
include 'includes/dbh.inc.php';
$username = $_POST['username'];
$lid = $_POST['lid'];
$favourite = $_POST['favourite'];
$sql = "INSERT INTO userslocation (fid,username,lid,favourite) VALUES ('','".$username."', '".$lid."','".$favourite."')";
$result = (mysqli_query($conn, $sql));
}
?>
<?php
if(isset($_POST['unfavbut'])){
include 'includes/dbh.inc.php';
$username = $_POST['username'];
$lid = $_POST['lid'];
$favourite = $_POST['favourite'];
$sql = "DELETE FROM userslocation WHERE username='$username' AND lid='$lid'";
$result = (mysqli_query($conn, $sql));
}
?>
Any help as to what is going wrong is appreciated! 关于出了什么问题的任何帮助,不胜感激!
Actually your queries looks good. 实际上,您的查询看起来不错。 But @RonCajan said right about possible SQL Injection.
但是@RonCajan对可能的SQL注入表示正确。
1) I think you have errors here: 1)我认为您在这里有错误:
if(isset($_POST['favbut'])) { ...
...
if(isset($_POST['unfavbut'])) { ...
You don't pass these values by your $.ajax requests. 您不会通过$ .ajax请求传递这些值。 Add them to your request or instead of passing them you can check isset of
lid
value. 将它们添加到您的请求中,或者代替传递它们,您可以检查
lid
值的isset。
Easy way to check it is to make echo 1;
检查它的简单方法是使
echo 1;
before condition and echo 2;
在条件和
echo 2;
之前echo 2;
inside statement block. 内部语句块。 And watch response.
并观察响应。
2) As @RonCajan said if your fid
column is auto_increment you should skip it in your query, don't set it as ''
. 2)正如@RonCajan所说,如果您的
fid
列是auto_increment,则应在查询中跳过它,不要将其设置为''
。
Also in php if you use double quotes you don't need to use concatenation to insert variables values. 同样在php中,如果使用双引号,则无需使用串联来插入变量值。 docs
文档
$query = "INSERT INTO userslocation (username, lid, favourite) VALUES ('${username}', '${lid}','${favourite}')";
And one more advice. 还有一个建议。 Learn how to use debug tools as xdebug .
了解如何将调试工具用作xdebug 。 It becomes much easier to find mistakes in your code.
在代码中发现错误变得容易得多。
Updated: 更新:
First of all your code is prone to SQL Injection. 首先,您的代码易于进行SQL注入。 Use prepared statement for security purposes.
为了安全起见,请使用准备好的语句。 Refer to this site to improve your code.
请访问此站点以改进您的代码。 http://php.net/manual/en/book.mysqli.php
http://php.net/manual/en/book.mysqli.php
I think you have mistaken this one. 我想您误会了这一点。
$sql = "INSERT INTO userslocation
(fid,username,lid,favourite) VALUES ('','".$username."',
'".$lid."','".$favourite."')";
Instead use this query : 而是使用以下查询:
$sql = "INSERT INTO userslocation
(username,lid,favourite) VALUES
('$username','$lid','$favourite')";
If your fid has an auto_increment by default you dont need to join it on your query and dont concatenate your query. 如果您的fid默认情况下具有auto_increment,则无需在查询中将其加入,也无需将查询串联。 I think concatenating is for connecting two string or for printing the text.
我认为串联是用于连接两个字符串或用于打印文本。
In your html code. 在您的html代码中。 Try to use
<?php echo $variable; ?>
尝试使用
<?php echo $variable; ?>
<?php echo $variable; ?>
in all your input value. 所有输入值中的
<?php echo $variable; ?>
。 Maybe it does not contain any value. 也许它不包含任何值。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.