我目前遇到的问题是我的查询返回成功但是在检查我的SQL数据库时没有发生实际更新。奇怪的是,当我将相同的查询复制到phpMyAdmin时,成功返回响应并且查询工作正常,行更新。 (注意:我很清楚SQL注入的高风险,但mysqli_escape_string因某些原因无法正常工作,所以当我进入该网站时,我会担心这一点生产阶段。)
的script.php
$fave = json_decode($_POST['af']);
$unfave = json_decode($_POST['uf']);
$fave = "'".implode("','", $fave)."'";
$unfave = "'".implode("','", $unfave)."'";
if ($fave !== "''"){
$fq = "UPDATE post SET fave='1' WHERE 'an_id' IN ($fave) AND bid='$bizusr' AND fave='0'";
$r_fq = mysqli_query($GLOBALS["___mysqli_ston"], $fq);
$ar_fq = mysqli_affected_rows($GLOBALS["___mysqli_ston"]);
} else {
$r_fq = 1;
$ar_fq = 0;
}
if ($unfave !== "''"){
$ufq = "UPDATE post SET fave='0' WHERE 'an_id' IN ($unfave) AND bid='$bizusr' AND fave='1'";
$r_ufq = mysqli_query($GLOBALS["___mysqli_ston"], $ufq);
$ar_ufq = mysqli_affected_rows($GLOBALS["___mysqli_ston"]);
} else {
$r_ufq = 1;
$ar_ufq = 0;
}
if ($r_fq && $r_ufq){
$output = json_encode(array('type'=>'error', 'text' => "Favourites have been updated successfully. You've added $ar_fq favorites and removed $ar_ufq favorites." ));
die($output);
}
if (!$r_fq && $r_ufq){
$output = json_encode(array('type'=>'error', 'text' => "We've successfully favorited $ar_fq links, however there was an issue in unfavoriting some links, try refreshing." ));
die($output);
}
if ($r_fq && !$r_ufq){
$output = json_encode(array('type'=>'error', 'text' => "We've successfully unfavorited $ar_ufq links, however there was an issue in favoriting some links, try refreshing." ));
die($output);
}
if (!$r_fq && !$r_ufq){
$output = json_encode(array('type'=>'error', 'text' => "There was an error in updating your favorited links." ));
die($output);
}
// $un = mysqli_prepare($GLOBALS["___mysqli_ston"], "UPDATE analytics SET fave='0' WHERE an_id IN (?) AND bid= ? AND fave='1'");
// $fa = mysqli_prepare($GLOBALS["___mysqli_ston"], "UPDATE analytics SET fave='1' WHERE an_id IN (?) AND bid= ? AND fave='0'");
// mysqli_stmt_bind_param($un, 'ss', $unfave, $blockject);
// $a = mysqli_stmt_execute($un);
// mysqli_stmt_close($un);
// mysqli_stmt_bind_param($fa, 'ss', $fave, $blockject);
// $b = mysqli_stmt_execute($fa);
// mysqli_stmt_close($fa);
变量$fave和$unfave会返回如下所示的值:'abcd123','dcba321','hello123',这会使查询看起来像这样:
UPDATE post SET fave='0' WHERE 'an_id' IN ('abcd123','dcba321','hello123') AND bid='$bizusr' AND fave='1';
现在,将查询输入phpMyAdmin工作得很好,但是当通过php执行时,响应会返回成功但是没有实际更新的行,所以我不确定发生了什么我的php error.log就像哨子一样干净。
另外,如果您想知道我的require_once connection.php 文件是什么样的,这会将我连接到数据库,它是以下内容:
$link = ($GLOBALS["___mysqli_ston"] = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD));
if(!$link) {
die('Failed to connect to server: ' . ((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
}
//Select database
$db = ((bool)mysqli_query($GLOBALS["___mysqli_ston"], "USE " . constant('DB_DATABASE')));
if(!$db) {
die("Unable to select database");
}
答案 0 :(得分:0)
愚蠢的我,我不确定它为什么会返回成功的查询,但是将列ID an_id包装在单引号中是个问题