dtg78700 2014-12-10 05:38
Views: 24
Accepted

My prepared statement returns "null"

I was reading up on preventing SQL injection and I tried to convert my code. Before I changed it, when the page was loaded, I would update my SQL with whatever was in 'input[name="amount"]' and change the text of the id "freetexts" to whatever echo json_encode($result); gave out. Now, after I changed it, the value of freetexts keeps getting changed to "null".

Here is my PHP:

<?php
$username = "XXX";
$password = "XXX";
$database = "XXX";
$amount   = $_POST["amount"];

// the host name must be a quoted string; a bare localhost is an undefined constant
$conn = new mysqli('localhost', $username, $password, $database);

// Check connection
if (mysqli_connect_errno()) {
    echo "Connection Failed: " . mysqli_connect_errno();
    exit();
}

/* create a prepared statement */
if ($stmt = $conn->prepare("UPDATE freetexts SET amount = amount - ? WHERE 1")) {

    /* Bind parameters: s - string, b - blob, i - int, etc */
    $stmt->bind_param("s", $amount);

    //$update = "UPDATE freetexts SET amount = amount - '$amount' WHERE 1";
    /* Execute it */
    $stmt->execute();

    /* Bind results: an UPDATE produces no result set, so nothing gets bound here */
    $stmt->bind_result($result);

    /* Fetch the value: there is no row to fetch, so $result stays null */
    $stmt->fetch();

    echo json_encode($result);

    /* Close statement */
    $stmt->close();
}
?>

And here is my JavaScript:

    var amount = $('input[name="amount"]').val();
    $.ajax({
        type: 'POST',
        data: {
            amount: amount
        },
        url: 'textlimit.php',
        success: function(data) { // Receives the data from the php code
            document.getElementById('freetexts').innerHTML = "Current FREE texts left: " + data;
        },
        error: function(xhr, err) {
            console.log("readyState: " + xhr.readyState + "\nstatus: " + xhr.status);
            console.log("responseText: " + xhr.responseText);
        }
    });

1 answer

  • dongweng9474 2014-12-10 06:18

    Thanks to @tkausl and @Darren, I've realized that nowhere in my code actually selects the row I want. I also learned that WHERE 1 does literally nothing. This is the revised PHP and it works perfectly, but I also doubt it's optimized. Any ideas on what I could do to make the code better? Such as removing $stmt -> fetch(); if it's unnecessary.

    <?php
    define('DB_SERVER', "localhost");
    define('DB_USER', "XXX");
    define('DB_PASSWORD', "XXX");
    define('DB_DATABASE', "XXX");

    $amount = $_POST["amount"];

    $mysqli = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_DATABASE);

    // Check connection
    if (mysqli_connect_errno()) {
        echo "Connection Failed: " . mysqli_connect_errno();
        exit();
    }

    /* create a prepared statement */
    if ($stmt = $mysqli->prepare("UPDATE freetexts SET amount = amount - ?")) {

        /* Bind parameters: s - string, b - blob, i - int, etc */
        $stmt->bind_param("s", $amount);

        /* Execute it. An UPDATE has no result set, so bind_result()/fetch()
           have nothing to work on; the new value is read back with the SELECT below. */
        $stmt->execute();

        /* Close statement */
        $stmt->close();
    }

    /* Read the updated value back */
    $query = "SELECT `amount` FROM `freetexts`";

    $result = $mysqli->query($query);

    if ($result->num_rows > 0) {
        // output data of each row
        while ($row = $result->fetch_assoc()) {
            echo json_encode($row["amount"]);
        }
    } else {
        echo "0 results";
    }

    $mysqli->close();
    ?>
    
    This answer was selected by the asker as the best answer.
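Added example, not code from the question or from the accepted answer: it covers the point behind the question (bind_result()/fetch() on an UPDATE yield null because an UPDATE has no result set) and the read-back step of the revised answer, using a prepared statement for the SELECT as well so the returned row is keyed to the one that was updated. It assumes a hypothetical `id` column on `freetexts`, a hypothetical function name decrementFreeTexts, placeholder connection values, and PHP 8 with the mysqli extension.

```php
<?php
declare(strict_types=1);

// Assumed table layout (an assumption; the page only shows the `amount` column):
//   freetexts(id INT PRIMARY KEY, amount INT)

/**
 * Decrement `amount` for one row and return the new value, or null when the
 * row does not exist. Throws InvalidArgumentException on bad input.
 */
function decrementFreeTexts(mysqli $db, int $rowId, mixed $rawAmount): ?int
{
    // Validate before the value ever reaches SQL: a non-negative integer only.
    // Binding alone stops injection; validation keeps junk out of the arithmetic.
    $amount = filter_var($rawAmount, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($amount === false) {
        throw new InvalidArgumentException('amount must be a non-negative integer');
    }

    // An UPDATE produces no result set, so there is nothing to bind_result() or
    // fetch() on this statement; the value is read back with a second statement.
    $stmt = $db->prepare('UPDATE freetexts SET amount = amount - ? WHERE id = ?');
    $stmt->bind_param('ii', $amount, $rowId);   // 'i' = integer placeholder
    $stmt->execute();
    $stmt->close();

    // A SELECT does have a result set, so bind_result()/fetch() work here.
    $stmt = $db->prepare('SELECT amount FROM freetexts WHERE id = ?');
    $stmt->bind_param('i', $rowId);
    $stmt->execute();
    $stmt->bind_result($remaining);
    $found = $stmt->fetch();                     // true on a row, null when none
    $stmt->close();

    return $found ? (int) $remaining : null;
}

// Endpoint glue equivalent to the page's textlimit.php (connection values are placeholders).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw instead of returning false
header('Content-Type: application/json');
try {
    $db = new mysqli('localhost', 'DB_USER_PLACEHOLDER', 'DB_PASSWORD_PLACEHOLDER', 'DB_NAME_PLACEHOLDER');
    $remaining = decrementFreeTexts($db, 1, $_POST['amount'] ?? null);
    echo json_encode(['amount' => $remaining]);
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo json_encode(['error' => $e->getMessage()]);
} catch (mysqli_sql_exception $e) {
    http_response_code(500);
    echo json_encode(['error' => 'database error']); // keep driver messages out of the client response
} finally {
    if (isset($db)) {
        $db->close();
    }
}
```

With this response shape the page's jQuery call would read `data.amount` (after parsing the JSON) instead of appending the raw body. Binding the row id on both statements also avoids the answer's unkeyed `SELECT`, which returns every row and prints one JSON value per row.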
