Updating an SQL Database Using jQuery Ajax and PHP

Time: 2022-09-15 09:27:05

So I am trying to use ajax to update a value in my sql database by grabbing the link that was clicked and finding that link in the database. I'm not sure why it isn't working :\

$('.visit').click( function() {
var thisLink = $(this).attr('href'); 
$.post("visit.php", { link: thisLink});
});

<?php
$link = $_POST['link'];
mysql_query("UPDATE items SET visited = 1 WHERE link = $link");
include("print.php");
?>

3 solutions

#1


2  

To prevent the SQL injection use something like the following (typed from memory...double check).


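<?php
    // Connection details are placeholders.
    $db = new PDO('connection string', 'username', 'password');

    // Value posted by the Ajax call.
    $link = $_POST['link'];

    // :link is a bound parameter, so the value is never parsed as SQL.
    $query = "UPDATE items SET visited=1 WHERE link=:link";

    $stmt = $db->prepare($query);
    $stmt->execute(array(':link' => $link));
?>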

Bob
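The prepared statement from answer #1 as a complete script, added here as an example that is not part of the original answer. It assumes an in-memory SQLite database in place of the real one so it runs offline; `markVisited` is a hypothetical helper and the sample links are constructed.

```php
<?php
declare(strict_types=1);

// Added example. In-memory SQLite stands in for the real database (assumption);
// table and column names follow the query on this page.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (link TEXT PRIMARY KEY, visited INTEGER NOT NULL DEFAULT 0)');

// Constructed sample rows.
$seed = $db->prepare('INSERT INTO items (link) VALUES (:link)');
foreach (['http://example.com/a', "http://example.com/o'reilly", 'http://example.com/b'] as $l) {
    $seed->execute([':link' => $l]);
}

/**
 * Mark one link as visited and return the number of rows changed.
 * The value is bound as a parameter, so it is never parsed as SQL.
 */
function markVisited(PDO $db, $link): int
{
    // $_POST values may be missing or arrays (link[]=...); accept only a bounded string.
    if (!is_string($link) || $link === '' || strlen($link) > 2048) {
        return 0;
    }
    $stmt = $db->prepare('UPDATE items SET visited = 1 WHERE link = :link');
    $stmt->execute([':link' => $link]);
    return $stmt->rowCount();
}

// Constructed inputs, as visit.php would receive them in $_POST['link'].
$inputs = [
    'http://example.com/a',         // exact match
    "http://example.com/o'reilly",  // quote inside the data: breaks a concatenated query, bound safely here
    'http://example.com/A',         // differs in case: SQLite compares case-sensitively
    "x' OR '1'='1",                 // compared as one literal string, not as SQL
    ['http://example.com/b'],       // array instead of string: rejected before the query
];
foreach ($inputs as $in) {
    printf("%-34s rows updated: %d\n", json_encode($in, JSON_UNESCAPED_SLASHES), markVisited($db, $in));
}

$visited = (int) $db->query('SELECT COUNT(*) FROM items WHERE visited = 1')->fetchColumn();
echo "visited rows: $visited of 3\n";
```

With the MySQL PDO driver, `rowCount()` reports rows changed rather than rows matched by default, so a link that is already marked visited returns 0, and whether case differences match depends on the column's collation.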


#2


2  

    $('.visit').click( function() {
         var thisLink = $(this).attr('href'); 
         $.post("visit.php", { link: thisLink});
    });

    <?php
         $link = $_POST['link'];
         mysql_query("UPDATE items SET visited = '1' WHERE link = '".mysql_real_escape_string($link)."'");
         include("print.php");
    ?>

Use single quotes around the SET and WHERE params. Also, mysql_real_escape_string inputs into the database for SQL injection.

#3


1  

 <?php 
  $link = $_POST['link']; 
  mysql_query("UPDATE items SET visited = 1 WHERE link = '$link'"); 
  include("print.php"); // what does print.php do?
 ?> 

Put quotes around $link.

Compare $link with the value in the database field - it needs to match exactly.
