douchongbang6011
douchongbang6011
2013-08-22 11:40

在javascript函数中更新sql

I have an ordinary html table in which each cell contains a name. I've added a function to each of these cells, which turns the cells background color green, if it's white and the other way around. However, I would also like to update an mySql datebase, when a cell is clicked, but I can't seem to figure out a good way to do this, without reloading the page (which I would prefer not to do) or using javascript to connect to the server (which seems like a very bad practice). The page has already been loaded at this point. Does anybody have any good suggestions?

<script type="text/javascript">
var tbl = document.getElementById("table");
        if (tbl != null) {
            for (var i = 1; i < tbl.rows.length; i++) {
                for (var j = 0; j < tbl.rows[i].cells.length; j++)
                    tbl.rows[i].cells[j].onclick = function () { getval(this); };
            }
        }

        function getval(cel) {
            if(cel.style.backgroundColor == "green")
            {
                 cel.style.backgroundColor = "white";

                 // Here I would like to update my datebase with mySql
                 // query(UPDATE team SET attended=0 WHERE name = cel.innterText)
                 // (name associated with the cell)

            }
            else
            {
                cel.style.backgroundColor = "green";
                 // Here I would like to update my datebase with mySql
                 // query(UPDATE team SET attended=1 WHERE name = cel.innterText)
                 // (name associated with the cell)
            }
        }   
</script>
  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

3条回答

  • douhuiwan5141 douhuiwan5141 8年前

    In broad terms, you need to turn part of your application into a service and have calls to it made by an asynchronous HTTP request from your page (this falls under the "AJAX" denomination).

    That service can be written as an extra PHP script on your server, which may not necessarily return an HTML document, but possible XML or JSON (the latter is probably more popular these days), which will be handled by your JavaScript script in the browser for further actions if necessary (e.g. turning the background white only if this request has succeeded).

    It is this PHP script that should handle the SQL queries.

    As a general guideline, don't prepare or handle any SQL at all on the client side (in your JavaScript script), and make sure you use prepared statements when running your SQL queries. (I'm just saying that because you're obviously new to this and you'll inevitably find snippets of code here or on various blogs where people just put the variables they in into their SQL statements by using the variable in the query strings. This is extremely bad practice.)

    EDIT:

    I actually need to go no further than W3Schools to have a bad example of MySQL query that is vulnerable to SQL injection (the problem is in $sql="SELECT * FROM user WHERE id = '".$q."'";). DO NOT USE THIS EXAMPLE. I'd avoid W3Schools, see http://www.w3fools.com/

    点赞 评论 复制链接分享
  • dsc862009 dsc862009 8年前

    You must use AJAX, check this link for a tutorial
    http://www.w3schools.com/ajax/
    Navigate via links on left menu

    点赞 评论 复制链接分享
  • dqsp60748 dqsp60748 8年前

    SQL is server side, not client side. You need to use AJAX to send data to your server and then the server will use SQL to save.

    点赞 评论 复制链接分享

为你推荐