堆栈内存溢出
  简体   繁体   English

通过AJAX进行SQL插入和删除查询

[英]SQL Insert and Delete query through AJAX

 原文  2019-02-16 00:22:03       php/ jquery/ sql/ ajax

问题描述

I am trying send insert and delete sql queries using AJAX and PHP. 我正在尝试使用AJAX和PHP发送插入和删除SQL查询。 I have checked the network tab of developer tools and I can see that when I click the input it successfully retrieves the values so the main issue I am having is inserting these values into the DB and deleting values from the DB. 我已经检查了开发人员工具的“网络”选项卡,并且可以看到,当我单击输入时,它成功检索到了值,所以我遇到的主要问题是将这些值插入到数据库中并从数据库中删除了值。

EDIT: No error messages return in regards to my SQL query so I am unsure whats happening. 编辑:关于我的SQL查询没有错误消息返回,所以我不确定发生了什么。

Here is my HTML and JQUERY code: 这是我的HTML和JQUERY代码: 

  $(document).ready(function() { $("#favbut").click(function() { var username = $("#usernamefav").val(); var lid = $("#lidfav").val(); var favourite = $("#favouritefav").val(); $.ajax({ url: "fave.php", type: "post", dataType: "json", data: { username: username, lid: lid, favourite: favourite } }); }); $("#unfavbut").click(function() { var username = $("#usernameunfav").val(); var lid = $("#lidunfav").val(); var favourite = $("#favouriteunfav").val(); $.ajax({ url: "unfave.php", type: "post", dataType: "json", data: { username: username, lid: lid, favourite: favourite } }); }); }); 
 <input type="hidden" name="username" id="usernamefav" value='.$user.'> <input type="hidden" name="lid" id="lidfav" value='.$lid.'> <input type="hidden" name="favourite" id="favouritefav" value=YES> <input class="favButt fav" id="favbut" type="submit" name="faveBTN" value="Fave">'; <input type="hidden" name="username" id="usernameunfav" value='.$user.'> <input type="hidden" name="lid" id="lidunfav" value='.$lid.'> <input type="hidden" name="favourite" id="favouriteunfav" value=YES> <input class="favButt unfav" id="unfavbut" type="submit" name="unfaveBTN" value="unFave">';

Here is the php files: 这是php文件: 

<?php
if(isset($_POST['favbut'])){
include 'includes/dbh.inc.php';

$username = $_POST['username'];
$lid = $_POST['lid'];
$favourite = $_POST['favourite'];

$sql = "INSERT INTO userslocation (fid,username,lid,favourite) VALUES ('','".$username."', '".$lid."','".$favourite."')";
$result = (mysqli_query($conn, $sql));          
}
?>

<?php

if(isset($_POST['unfavbut'])){
    include 'includes/dbh.inc.php';
$username = $_POST['username'];
$lid = $_POST['lid'];
$favourite = $_POST['favourite'];

$sql = "DELETE FROM userslocation WHERE username='$username' AND lid='$lid'";
$result = (mysqli_query($conn, $sql));          
}
?>

Any help as to what is going wrong is appreciated! 关于出了什么问题的任何帮助,不胜感激!

2 个解决方案

解决方案1
 1 已采纳  2019-02-16 01:50:23

Actually your queries looks good. 实际上,您的查询看起来不错。 But @RonCajan said right about possible SQL Injection. 但是@RonCajan对可能的SQL注入表示正确。

1) I think you have errors here: 1)我认为您在这里有错误: 

if(isset($_POST['favbut'])) { ...
...
if(isset($_POST['unfavbut'])) { ...

You don't pass these values by your $.ajax requests. 您不会通过$ .ajax请求传递这些值。 Add them to your request or instead of passing them you can check isset of lid value. 将它们添加到您的请求中,或者代替传递它们,您可以检查lid值的isset。

Easy way to check it is to make echo 1; 检查它的简单方法是使echo 1; before condition and echo 2; 在条件和echo 2;之前echo 2; inside statement block. 内部语句块。 And watch response. 并观察响应。

2) As @RonCajan said if your fid column is auto_increment you should skip it in your query, don't set it as '' . 2)正如@RonCajan所说,如果您的fid列是auto_increment,则应在查询中跳过它,不要将其设置为''

Also in php if you use double quotes you don't need to use concatenation to insert variables values. 同样在php中,如果使用双引号,则无需使用串联来插入变量值。 docs 文档 

$query = "INSERT INTO userslocation (username, lid, favourite) VALUES ('${username}', '${lid}','${favourite}')";

And one more advice. 还有一个建议。 Learn how to use debug tools as xdebug . 了解如何将调试工具用作xdebug It becomes much easier to find mistakes in your code. 在代码中发现错误变得容易得多。

解决方案2
 0  2019-02-16 00:41:47

Updated: 更新:

First of all your code is prone to SQL Injection. 首先,您的代码易于进行SQL注入。 Use prepared statement for security purposes. 为了安全起见,请使用准备好的语句。 Refer to this site to improve your code. 请访问此站点以改进您的代码。 http://php.net/manual/en/book.mysqli.php http://php.net/manual/en/book.mysqli.php

I think you have mistaken this one. 我想您误会了这一点。 

$sql = "INSERT INTO userslocation 
(fid,username,lid,favourite) VALUES ('','".$username."', 
'".$lid."','".$favourite."')";

Instead use this query : 而是使用以下查询: 

$sql = "INSERT INTO userslocation 
(username,lid,favourite) VALUES 
('$username','$lid','$favourite')";

If your fid has an auto_increment by default you dont need to join it on your query and dont concatenate your query. 如果您的fid默认情况下具有auto_increment,则无需在查询中将其加入,也无需将查询串联。 I think concatenating is for connecting two string or for printing the text. 我认为串联是用于连接两个字符串或用于打印文本。

In your html code. 在您的html代码中。 Try to use <?php echo $variable; ?> 尝试使用<?php echo $variable; ?> <?php echo $variable; ?> in all your input value. 所有输入值中的<?php echo $variable; ?> Maybe it does not contain any value. 也许它不包含任何值。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 magento 1.9 通过 sql 查询插入产品 - magento 1.9 insert product through sql query 在通过ajax Json格式提交时在mysql中插入查询问题 - Insert Query issues in mysql while submitting through ajax Json format 我正在尝试通过Ajax插入图像。 但是查询没有被执行 - I'm trying to insert image through Ajax . But the query is not getting executed 如何在sql中同时使用插入、更新、删除查询? - How to use insert, update, delete query in sql at same time? 通过Ajax删除Laravel中的操作 - Delete Operation in Laravel Through ajax 插入/删除网站的查询设计 - insert/delete query design of website 在PHP中删除的SQL查询 - SQL Query to Delete in PHP 删除查询sql - Delete query sql IF 查询在 SQL DELETE 在 PHP 中 - IF Query in SQL DELETE in PHP SQL 插入和删除逻辑建议 - SQL insert and delete logic advice
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM