ds1379551
ds1379551
2012-07-04 10:14

MySQL PHP没有更新

已采纳

I need help with my php Code which is supposed to update my mysql database. I tried it this way:

<?php mysql_connect("servername","name","passwort"); 
mysql_select_db("dbname"); 
$name = $_GET["name"]; $points = $_GET["points"]; 
$query = "UPDATE highscore SET points=".$points." WHERE name='".$name."'";

mysql_query($query) 
mysql_close(); ?>

I called it with:

http://.../write.php?name=%22Alexa%20Bomkamp%22&points=%22100

But literally nothing happened. No error, but also no update. Does anyone know what im doing wrong?

Thanks for help :)

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

4条回答

  • dongmao3131 dongmao3131 9年前

    url is wrong %22 takes " htmlentity avoid it and number contains also %22

    call with this url: .../write.php?name=Alexa%20Bomkamp&points=100

    点赞 评论 复制链接分享
  • doulao3905 doulao3905 9年前

    If you are encoding the parameters while sending the request then please decode it. One more thing please use mysql_real_escape_string() for avoiding SQL injection while assigning get values to your parameters

    点赞 评论 复制链接分享
  • duanbishai5271 duanbishai5271 9年前

    First, you should check that $_GET gets the parameters you call the script with. A print_r($_GET); is sufficient for this.

    Secondly, your code looks horrid. You are missing linebreaks, and all. What is more terrifying, that you are totally vulnearable to SQL injection. NEVER let the SQL execute a command which contains unescaped and unchecked user input. With a little addition to the parameters, you could easily lose your database.

    The other thing is, that judging from your code, you are using a bad practice. What if I enter a name which is new to the database. In that case, the UPDATE statement will fail, you will need to use INSERT INTO instead.

    <?php
    $link = mysql_connect( 'servername', 'loginname', 'password' ) or die('Unable to connect.');
    mysql_select_db( 'database', $link ) or die('Unable to select database.');
    
    $query = 'UPDATE `highscore` SET `points`=' .mysql_real_escape_string($_GET['points']). ' WHERE `name`="' .mysql_real_escape_string($_GET['name']). '";';
    mysql_query( $query, $link );
    mysql_close($link);
    ?>
    

    Also, you have an unneeded %22 in your request. Call the code with ?name=Alexa Bompkamp&points=100.

    点赞 评论 复制链接分享
  • doufang7385 doufang7385 9年前

    Try this code:

    <?php
    $conn = mysql_connect("servername","name","passwort"); 
    mysql_select_db("dbname");
    if (mysql_error()) {
        echo "<br />". mysql_errno(). " : ". mysql_error();
    }
    $name = $_GET["name"]; $points = $_GET["points"]; 
    $query = "UPDATE highscore SET points=$points WHERE name='$name'";
    
    mysql_query($query, $conn);
    mysql_close($conn);
    ?>
    
    点赞 评论 复制链接分享

相关推荐