weixin_33719619 2017-07-14 16:34 采纳率: 0%
浏览 15

得到错误的回应

I got the following code and I don't find the mistake. When i execute it, I always get "no_request".

$username is equal to Reebal and $user is equal Simon

Ajax/jQuery

$("#cancel_friend").click(function(e){
    var user = "<?php echo $user_username; ?>";
    var type = "cancel_friend"
    $.ajax({
        type: "POST",
        url: "../system/friend_system.php",
        data: {
            user: user,
            type: type
        },
        success: function(data, status){
            if(data == "friend_request_canceled"){
                $("#cancel_friend").css("display", "none");
            }else{
                $(".error_msg_container").html(data);
            }
        },
        error: function(){
            alert(data);
        }

friend_system.php 

}else if($_POST['type'] == "cancel_friend"){
    $sql = "SELECT COUNT(id) friends WHERE user1 = '$username' AND user2 = '$user' AND accepted='0' LIMIT 1";
    $result = mysqli_query($conn, $sql);
    $request = mysqli_fetch_row($result);
    if($request[0] > 0){
        $sql = "DELETE FROM friends WHERE user1 = '$username' AND user2 = '$user' AND accepted='0' LIMIT 1";
        $result = mysqli_query($conn, $sql);
        mysqli_close($conn);
        echo "friend_request_canceled";
        exit();
    }else{
        echo "no_request";
        exit();
    }

Here is the friends table: enter image description here

Hope you can help me.

  • 写回答

1条回答 默认 最新

  • weixin_33719619 2017-07-14 16:57
    关注

    Right now on my phone so I can't look at it that well, your SQL Query is unsafe. Use either mysqli or pdo. And you forgot the FROM your the sql query, here's an sql injection safe code:

    $con = new PDO("mysql:host=localhost;dbname=dbName" , "dbPassword","dbUsername"); // connecting with PDO
$query = $con->prepare("SELECT COUNT(id) FROM friends WHERE user1 = :username AND user2 = :username2 AND accepted = \"0\" LIMIT 1"); // Preparing a query
$query->bindParam(":username" , $username,  PDO::PARAM_STR); // binding parameters in a safe way
$query->bindParam(":username2",$username2,PDO::PARAM_STR); 
$query->execute();
$result = $query->fetchAll(); // fetching the result and putting it in result

    REMEMBER TO CHANGE THE VARIABLES AND MODIFY THE CONNECTION DETAILS If it doesn't work comment not this comment

    评论

报告相同问题?

悬赏问题

  • ¥15 不是,这到底错哪儿了😭
  • ¥15 2020长安杯与连接网探
  • ¥15 关于#matlab#的问题:在模糊控制器中选出线路信息,在simulink中根据线路信息生成速度时间目标曲线(初速度为20m/s,15秒后减为0的速度时间图像)我想问线路信息是什么
  • ¥15 banner广告展示设置多少时间不怎么会消耗用户价值
  • ¥16 mybatis的代理对象无法通过@Autowired装填
  • ¥15 可见光定位matlab仿真
  • ¥15 arduino 四自由度机械臂
  • ¥15 wordpress 产品图片 GIF 没法显示
  • ¥15 求三国群英传pl国战时间的修改方法
  • ¥15 matlab代码代写,需写出详细代码,代价私