dt20081409 2010-05-06 11:34
浏览 58

jQuery - 通过PHP保存到SQL

This is probably easy for you guys, but I can't understand it. I want to save the filename of an image to it's own row in the SQL base.

Basically, I log on to the site where I have my own userID. And each user has its own column for background images. And the user can choose his own image if he wants to. So basically, when the user clicks on the image he wants, a jquery click event occurs and an ajax call is made to a php file which is supposed to take care of the actual update. The row for each user always exist so there's only an update of the data that's necessary.

First, I collect the filename of the css property 'background-image' and split it so I get only the filename. I then store that filename in a variable I call 'filename' which is then passed on to this jQuery snippet:

    $.ajax({
        url: 'save_to_db.php',
        data: filename,
        dataType:'Text',
        type: 'POST',
        success: function(data) {
            // Just for testing purposes.
            alert('Background changed to: ' + data);
   }   

  });

And this is the php that saves the data:

<?php 
require("dbconnect.php");

$uploadstring = $_POST['filename'];

mysql_query("UPDATE brukere SET brukerBakgrunn = '$uploadstring' WHERE brukerID=" .$_SESSION['id']);
mysql_close();  
?>

Basically, each user has their own ID and this is called 'brukerID' The table everything is in is called 'brukere' and the column I'm supposed to update is the one called 'brukerBakgrunn'

When I just run the javascript snippet, I get this message box in return where it says:

Background changed to:
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /var/www/clients/client2/web8/web/save_to_db.php:1) in /var/www/clients/client2/web8/web/access.php on line 3

This is dbconnect.php

<?php
$con = mysql_connect("*****","******","******");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }  

mysql_select_db("****", $con);
require("access.php");
?>

And this is access.php:

<?php
// Don't mess with ;)
session_start();

if($_REQUEST['inside']) session_destroy();

session_register("inside");
session_register("navn");
if($_SESSION['inside'] == ""){
    if($_POST['brukernavn'] and $_POST['passord']){
    $query = "select * from brukere where brukerNavn='" . $_POST['brukernavn'] . "' and brukerPassord = md5('" . $_POST['passord'] ."')";
    $result = mysql_query($query);      
    if(!$result) mysql_error();
    $rows = @mysql_num_rows($result);
        if($rows > 0){
    $_SESSION['inside'] = 1;
    $_SESSION['navn'] = mysql_result($result,"navn");
    $_SESSION['id'] = mysql_result($result,"id");
    Header("Location: /");
    } else {
    $_SESSION['inside'] = 0;
    $denycontent = 1;
    }
    } else {
    $denycontent = 1;
    }
}

if($denycontent == 1){
include ("head.php");
print('   
<body class="bodylogin">
   content content content      
</body>
');
include ("foot.php");
exit;
}
?>
  • 写回答

7条回答

  • duanhua9398 2010-05-06 11:36
    关注
    mysql_query("UPDATE brukere SET brukerBakgrunn = $uploadstring WHERE brukerID=" .$_SESSION['id'] ."";

    should be

    mysql_query("UPDATE brukere SET brukerBakgrunn = $uploadstring WHERE brukerID=" .$_SESSION['id']);

    closing parenthesis is missing and the quotes ("") are useless.

    Read about SQL injection in order to make your application safe.

    EDIT:

    <?php
 require("dbconnect.php")
?>

<?php

    This code sends (the part between ?> and <?php) a newline to the output (it's the same as echo " ") which is not allowed if you want to write to a session variable consequently.

    评论

报告相同问题?

悬赏问题

  • ¥15 如何在3D高斯飞溅的渲染的场景中获得一个可控的旋转物体
  • ¥88 实在没有想法,需要个思路
  • ¥15 MATLAB报错输入参数太多
  • ¥15 python中合并修改日期相同的CSV文件并按照修改日期的名字命名文件
  • ¥15 有赏,i卡绘世画不出
  • ¥15 如何用stata画出文献中常见的安慰剂检验图
  • ¥15 c语言链表结构体数据插入
  • ¥40 使用MATLAB解答线性代数问题
  • ¥15 COCOS的问题COCOS的问题
  • ¥15 FPGA-SRIO初始化失败