[英]My prepared statement returns “null”
我正在閱讀有關防止SQL注入的信息,並嘗試轉換代碼。 在更改它之前,加載頁面時,我將使用'input[name="amount"]'
的內容更新sql,並將id“ freetexts”的文本更改為echo json_encode($result);
發出了。 現在,在我更改它之后,自由文本的值不斷變為“ null”
這是我的PHP
<?php
$username="XXX";
$password="XXX";
$database="XXX";
$amount = $_POST["amount"];
$conn = new mysqli(localhost, $username, $password, $database);
// Check connection
if(mysqli_connect_errno()) {
echo "Connection Failed: " . mysqli_connect_errno();
exit();
}
/* create a prepared statement */
if ($stmt = $conn->prepare("UPDATE freetexts SET amount = amount - ? WHERE 1")) {
}
/* Bind parameters: s - string, b - blob, i - int, etc */
$stmt -> bind_param("s", $amount);
//$update = "UPDATE freetexts SET amount = amount - '$amount' WHERE 1";
/* Execute it */
$stmt -> execute();
/* Bind results */
$stmt -> bind_result($result);
/* Fetch the value */
$stmt -> fetch();
echo json_encode($result);
/* Close statement */
$stmt -> close();
?>
這是我的javascript
var amount = $('input[name="amount"]').val();
$.ajax({
type: 'POST',
data: {
amount: amount
},
url: 'textlimit.php',
success: function(data) { //Receives the data from the php code
document.getElementById('freetexts').innerHTML = "Current FREE texts left: " + data;
},
error: function(xhr, err) {
console.log("readyState: " + xhr.readyState + "\nstatus: " + xhr.status);
console.log("responseText: " + xhr.responseText);
}
});
感謝@tkausl和@Darren,我意識到代碼中沒有實際選擇我想要的行的地方。 我還了解到WHERE 1
實際上什么也不做。 這是經過修訂的php,可以完美運行,但我也懷疑它是否已優化。 我有什么想法可以使代碼更好? 例如刪除$stmt -> fetch();
如果沒有必要
<?php
define('DB_SERVER', "localhost");
define('DB_USER', "XXX");
define('DB_PASSWORD', "XXX");
define('DB_DATABASE', "XXX");
$amount = $_POST["amount"];
$mysqli = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_DATABASE);
// Check connection
if(mysqli_connect_errno()) {
echo "Connection Failed: " . mysqli_connect_errno();
exit();
}
/* create a prepared statement */
if ($stmt = $mysqli->prepare("UPDATE freetexts SET amount = amount - ?")) {
/* Bind parameters: s - string, b - blob, i - int, etc */
$stmt -> bind_param("s", $amount);
/* Execute it */
$stmt -> execute();
/* Bind results */
$stmt -> bind_result($result);
/* Fetch the value */
$stmt -> fetch();
/* Close statement */
$stmt -> close();
}
$query = "SELECT `amount` FROM `freetexts`";
$result = $mysqli->query($query);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo json_encode($row["amount"]);
}
} else {
echo "0 results";
}
$mysqli->close();
?>
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.