博客内容涉及PHP中使用SQL查询和PDO连接数据库时遇到的问题。作者在尝试更新数据库记录时遇到变量不起作用的困扰,并分享了尝试解决的代码片段。代码包括使用mysql_connect和mysql_select_db的旧版PHP方法,以及尝试转换为使用PDO的方法,但遇到了执行查询不成功的情况。问题在于某个查询无法正常工作,而其他查询则可以。讨论中提到了变量、哈希验证和SQL注入防护等概念。
这个脚本里面的变量根本不起作用,它驱使我疯了,如果有人能帮上忙,那会很棒!PHP SQL查询中的变量
$db = mysql_connect('HOST', 'USER', 'PASS') or die('Could not connect: ' . mysql_error());
mysql_select_db('DBNAME') or die('Could not select database');
// Strings must be escaped to prevent SQL injection attack.
$name = mysql_real_escape_string($_GET['name'], $db);
$score = mysql_real_escape_string($_GET['score'], $db);
$QuestionN = mysql_real_escape_string($_GET['QuestionN'], $db);
$hash = $_GET['hash'];
$num = (int)$QuestionN;
$var1 = mysql_real_escape_string($_POST['var1']);
$var2 = mysql_real_escape_string($_POST['var2']);
$secretKey="SecretKey"; # Change this value to match the value stored in the client javascript below
$real_hash = md5($name . $score . $secretKey);
if($real_hash == $hash) {
$query = mysql_query("UPDATE Quiz1 SET " . $var1 . " = (1 + ". $var1 .")". " WHERE Question = " . $var2);
//$query = mysql_query("UPDATE Quiz1 SET " . $score . " = (1 + ". $score .")". " WHERE Question = " . $QuestionN);
//$query = mysql_query("UPDATE Quiz1 SET A = (1 + A) WHERE Question = 1 ");
$result = mysql_query($query) or die('Query failed: ' . mysql_error());
}
print($var1) ;
?>
与PDO,继承人的相同代码的人谁需要它更好的PHP的做法清理这件事。
// Configuration
$hostname = 'host';
$username = 'user';
$password = 'pass';
$database = 'DBNAME';
//$score = 'A' ;
$name = $_GET['name'];
$score = $_GET['score'];
$QuestionN = $_GET['QuestionN'];
$table = $_GET['table'];
$hash = $_GET['hash'];
$num = (int)$QuestionN;
$secretKey="SecretKey"; # Change this value to match the value stored in the client javascript below
$real_hash = md5($name . $score . $secretKey);
// if($real_hash == $hash) {
try {
$conn = new PDO('mysql:host='. $hostname .';dbname='. $database, $username, $password);
echo "Connected to database"; // check for connection
//$dbh->exec("UPDATE Quiz1 SET $score = 1 WHERE Question = 1"); // THIS DOES NOT
//$dbh->exec("UPDATE Quiz1 SET B = 1 WHERE Question = 1"); // THIS WORKS
$conn->exec("SET CHARACTER SET utf8"); // Sets encoding UTF-8
//$score = 'A';
//$scoreB = 'A';
//14
$author = 'Imanda';
//15
//$id = 1 ;
//16
// query
//$table = 'Quiz1';
//17
$sql = "UPDATE $table
SET $score = (1 + $score)
WHERE Question = ? " ;
//20
$q = $conn->prepare($sql);
//21
$q->execute(array($QuestionN));
//AddScore($dbh,'Quiz1','A','1');
}
catch(PDOException $e)
{
echo $e->getMessage();
}
// }
?>
+1
哪里是脚本? –
2012-07-21 05:29:24
+0
在我的网站服务器的根, –
2012-07-21 05:33:37
+0
像如果我不通过任何varibles它,然后它的工作和哈希变量正在收到只是发现 –
2012-07-21 05:34:11
扫一扫
1887
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
