使用jQuery Ajax和PHP更新SQL数据库
[英]Updating SQL database using jQuery Ajax and PHP
问题描述
So i am trying to use ajax to update a value in my sql database by grabbing the link that was clicked and finding that link in the database. 
所以我试图通过抓取被点击的链接并在数据库中找到该链接来使用ajax来更新我的sql数据库中的值。 I'm not sure why it isn't working :\\ 我不确定为什么它不起作用:
$('.visit').click( function() {
var thisLink = $(this).attr('href');
$.post("visit.php", { link: thisLink});
});
<?php
$link = $_POST['link'];
mysql_query("UPDATE items SET visited = 1 WHERE link = $link");
include("print.php");
?>
3 个解决方案
解决方案1
2 2011-03-07 01:43:42
To prevent the SQL injection use something like the following (typed from memory...double check). 为了防止SQL注入使用类似下面的内容(从内存中键入...双重检查)。
<?php
$db = new PDO('connection string', 'username', 'password');
$query = "UPDATE items SET visited=1 WHERE link=:link";
$stmt = $db->prepare($query);
$stmt->execute(array(':link' => $link));
?>
Bob 短发
解决方案2
2 2011-03-07 01:44:20
$('.visit').click( function() {
var thisLink = $(this).attr('href');
$.post("visit.php", { link: thisLink});
});
<?php
$link = $_POST['link'];
mysql_query("UPDATE items SET visited = '1' WHERE link = '".mysql_real_escape_string($link)."'");
include("print.php");
?>
use single quote around SET and WHERE params. 在SET和WHERE参数周围使用单引号。 Also, mysql_escape_real_string inputs into database for SQL injection 此外,mysql_escape_real_string输入到数据库以进行SQL注入
解决方案3
1 2011-03-07 01:23:01
<?php
$link = $_POST['link'];
mysql_query("UPDATE items SET visited = 1 WHERE link = '$link'");
include("print.php"); // what print.php does ?
?>
put quotes around $link 在$ link附近加上引号
compare $link with value in database field - it need to be exaclly match 将$ link与数据库字段中的值进行比较 - 它需要与exaclly匹配
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.