[英]MySQL - I have two query but one doesn't work, and one does. Help me please?
if ($_GET['action'] == "like")
{
mysql_query("UPDATE blog SET like=like+1 WHERE id=".$_GET['id']."");
header('Location: blog.php?id='.$_GET['id'].'');
}
else if ($_GET['action'] == "dislike")
{
mysql_query("UPDATE blog SET dislike = dislike+1 WHERE id = ".$_GET['id']."");
header('Location: blog.php?id='.$_GET['id'].'');
}
The "dislike" action works great! “不喜欢”动作效果很好! But the "like" one doesn't.
但是“喜欢”的却不是。 It's close to be the same thing?
几乎是同一回事吗?
Can someone help me??? 有人能帮我吗???
LIKE is a keyword. LIKE是一个关键字。 Use backticks :
使用反引号:
UPDATE blog SET `like`=`like`+1 ...
In general, it's much better not to name column after keywords ( LIKE,CASE,SELECT,WHERE
, etc). 通常,最好不要在关键字(
LIKE,CASE,SELECT,WHERE
等)之后命名列。
Example 例
mysql_query("UPDATE blog SET `like`=`like`+1 WHERE id='".
mysql_real_escape_string($_GET['id'])."'");
Or if your id is integer, you can do in this particular case just .... WHERE id=".(int)$_GET['id']
或者,如果您的id是整数,则可以在这种特殊情况下执行
.... WHERE id=".(int)$_GET['id']
A good plan would be to check the return value from mysql_error() to get the actual error from MySQL (You can check this by simply echo'ing mysql_error()). 一个好的计划是检查mysql_error()的返回值以获得MySQL的实际错误(您可以通过简单地回显mysql_error()来检查此错误)。
Other than that you really want to throw in an exit() after the call to header() to actually terminate the execution of the script right there, and you also want to add mysql_real_escape_string to escape the GET-arguments you're passing in to MySQL. 除此之外,您还真的想在调用header()之后抛出exit()以实际上终止脚本的执行,并且还想添加mysql_real_escape_string来转义要传递到的GET参数。 MySQL的。 You do not want to use user supplied data like that unescaped or unfiltered.
您不想使用用户提供的未转义或未过滤的数据。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.