2

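This is a bit complicated to explain, and I don't know whether you can help me, but I'll do my best. This is the process I want the user to go through: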

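  1. The user clicks an img (id='cowboys' or 'giants')
  2. onclick fires the function 'teamback' and passes 'this' to it (so far so good; this is where I need to use ajax to connect to the database and insert the information)
  3. The function needs to take the user ID (a session variable), tn and sc, and use ajax to insert them into the database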

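The ajax part of the code is where I don't know what to do, because I have never used ajax. I'm pretty sure I messed up the GET part. The problem is that it doesn't work. It isn't inserting anything into the table. Because my ajax code is messed up in the teamback function and in the makepick.php file (I think). Any help setting this up would be greatly appreciated!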

Here is the html document...

<?php
 // this starts the session 
 session_start();
 $id = $_SESSION['userid'];

 //this connects to the database
$con = mysql_connect("localhost","yourfan3_jeengle","armyjoe30");
mysql_select_db("yourfan3_demo", $con);

//**THIS IS THE VARIABLE THAT MANUALLY SETS THE PICKS POSSIBLE
$maxcorrectpicks = 16;

 //gets info for user
 $result = mysql_query("SELECT * FROM League_Info WHERE User_ID = '$id'");  
 $result2 = mysql_fetch_array($result);
 $leaguename = $result2['League'];

 //checks if league name exists
 $memberslist = mysql_query("SELECT User_ID, Correct_Picks, Points FROM League_Info WHERE League = '$leaguename'"); 
 ?>

 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <script type="text/javascript" src="js/jquery-1.2.6.min.js"></script>
        <script type="text/javascript" src="js/jquery-easing-1.3.pack.js"></script>
        <script type="text/javascript" src="js/jquery-easing-compatibility.1.2.pack.js"></script>
        <script type="text/javascript" src="js/coda-slider.1.1.1.pack.js"></script>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <link rel="icon" href="http://www.indiana.edu/favicon.ico" />
        <title>Your</title>
        <link rel="stylesheet" type="text/css" href="yourteamstyle.css" />

        <script type="text/javascript">
        //this is the user id session stored as a javascript variable
        var userid = "<?=$id?>";

        // Popup window code
        function newPopup(url) {
            popupWindow = window.open(url,'popUpWindow','height=450,width=600,left=10,top=10,resizable=no,scrollbars=yes,toolbar=yes,menubar=no,location=no,directories=no,status=yes')
        }
        function bigimg(x) {
            var myDate = new Date(); // Your timezone! 
            var myEpoch = myDate.getTime()/1000; 
            var deadline = '1344700055.000'; 
                //determines if user was on time..if not on time hover enlarge won't work
                if(myEpoch < deadline) {
                    x.style.height="65px";
                    x.style.width="85px";
                    x.style.opacity="0.5";
                } else {}
        }
        function defaultimg(x) {
            x.style.height="60px";
            x.style.width="80px";
            x.style.opacity="1.0";
        }
        function teamback(x) {
            var myDate = new Date(); // Your timezone! 
            var myEpoch = myDate.getTime()/1000; 
            var deadline = '1344700055.000';
                //determines if user was on time..if not on time submitting won't work
                if(myEpoch > deadline) {
                    // update the "actualone" image's source to the sending-image's source
                    var tn = x.id;
                    var sc = x.name;
                    document.getElementById("actualone").src = x.src;
                    document.getElementById("curtime").innerHTML = myEpoch;
                    document.getElementById("team").innerHTML = x.id;
                    document.getElementById("scenario").innerHTML = x.name;

                    //this is the ajax part where I am having trouble
                    if (window.XMLHttpRequest) {
                        // code for IE7+, Firefox, Chrome, Opera, Safari
                        xmlhttp=new XMLHttpRequest();
                    } else {
                        // code for IE6, IE5
                        xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
                    }
                    xmlhttp.onreadystatechange=function() {
                    }
                    xmlhttp.open("GET","makepick.php?newuserid="+userid, true);
                    xmlhttp.open("GET","makepick.php?newtn="+tn, true);
                    xmlhttp.open("GET","makepick.php?newsc="+sc, true);
                    xmlhttp.send();

                } else {}           
        }
        </script>

    </head>
        <body>
            Your Team<br>
            <iframe style="background-color:red;" src="http://free.timeanddate.com/countdown/i38ik9yz/n417/cf12/cm0/cu4/ct1/cs1/ca0/co1/cr0/ss0/cac000/cpc000/pct/tc66c/fs100/szw320/szh135/tatTime%20Remaining%20to%20Make%20Picks/tac000/tptTime%20since%20Event%20started%20in/tpc000/iso2012-08-11T13:00:00" frameborder="0" width="236" height="36"></iframe>

            <br><img id="cowboys" name="One" onmouseover="bigimg(this)" onclick="teamback(this)" onmouseout="defaultimg(this)" src="cowboys.gif"> vs <img id="giants" name="One" onmouseover="bigimg(this)" onclick="teamback(this)" onmouseout="defaultimg(this)" src="giants.gif"><img src="" id="actualone" style="width:85px; height:65px;"><br><br>
            <div id="curtime">44</div>|||<div id="deadline"></div><br><div id="team">Team</div><div id="scenario">Scenario</div>


        </body>
</html>

Here is the makepick.php file

<?php
$userid = $_GET["newuserid"];
$tn = $_GET["newtn"];
$sc = $_GET["newsc"];

//this connects to the database
$con = mysql_connect("localhost","yourfan3_jeengle","armyjoe30");
mysql_select_db("yourfan3_demo", $con);

mysql_query("INSERT INTO Week1_Picks_Test (UserID, '$sc') VALUES ('$userid', '$tn')");

?>
4

3 Answers

2

Since you are using jQuery, I suggest you rewrite your teamback() function to use jQuery's ajax method:

function teamback(x) {
var myDate = new Date(); // Your timezone! 
var myEpoch = myDate.getTime()/1000; 
var deadline = '1344700055.000';
    //determines if user was on time..if not on time submitting won't work
    if(myEpoch > deadline) {
        // update the "actualone" image's source to the sending-image's source
        var tn = x.id;
        var sc = x.name;
        document.getElementById("actualone").src = x.src;
        document.getElementById("curtime").innerHTML = myEpoch;
        document.getElementById("team").innerHTML = x.id;
        document.getElementById("scenario").innerHTML = x.name;

        $.ajax({
          type: 'GET',
          url: 'makepick.php',
          data: { newuserid: userid, newtn: tn, newsc:sc },

          success:function(data){
            //do whatever you want to do here on successful submission
            alert('success');
          },
          error:function(){
            //do whatever you want to do here when an error occurs
            alert('error');
          }
        });
    } else {}           

}

answered 2012-08-12T16:09:43.943
1

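One thing I noticed right away: the query you run in the AJAX handler has the $sc variable in single quotes ('). Since this is a column name, that produces a syntax error. Remove the quotes, or use backticks (`).

That said, you should consider sanitizing input before passing it to the database, or better yet, use prepared statements with PDO: http://php.net/manual/en/book.pdo.php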

answered 2012-08-12T16:15:05.073
0

I'm not sure what your problem is, but it is worth reading about SQL injection. http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php is okay for beginners.

answered 2012-08-12T16:09:29.087
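
The PDO and SQL injection advice in the last two answers, applied to makepick.php, as an added example that is not part of the original thread. It assumes the allowlist contents (taken from the img attributes in the question) and hypothetical environment variable names PICKS_DSN, PICKS_DB_USER and PICKS_DB_PASS for the connection settings.

```php
<?php
// Added example, not the original poster's code: a hardened makepick.php.
session_start();

// Assumption: the scenario columns that really exist in the picks table.
// The question only shows name="One" on the img elements.
const ALLOWED_SCENARIOS = ['One'];
// Team ids taken from the img elements in the question.
const ALLOWED_TEAMS = ['cowboys', 'giants'];

function fail(int $status, string $message): void
{
    http_response_code($status);
    header('Content-Type: text/plain; charset=utf-8');
    exit($message);
}

// Identity comes from the server-side session, never from a request
// parameter: a client-supplied newuserid could name any other user.
if (!isset($_SESSION['userid'])) {
    fail(401, 'not logged in');
}
$userid = $_SESSION['userid'];

$tn = $_GET['newtn'] ?? '';
$sc = $_GET['newsc'] ?? '';

// A column name cannot be a bound parameter, so it has to match an
// allowlist exactly. The strict comparison also rejects array input.
if (!in_array($sc, ALLOWED_SCENARIOS, true) || !in_array($tn, ALLOWED_TEAMS, true)) {
    fail(400, 'unknown scenario or team');
}

// Assumption: connection settings are read from the environment
// (hypothetical variable names) instead of being written in the source.
$pdo = new PDO(getenv('PICKS_DSN'), getenv('PICKS_DB_USER'), getenv('PICKS_DB_PASS'), [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

// $sc is interpolated only because it passed the allowlist above;
// the values themselves are bound as parameters.
$stmt = $pdo->prepare("INSERT INTO Week1_Picks_Test (UserID, `$sc`) VALUES (:userid, :team)");
$stmt->execute([':userid' => $userid, ':team' => $tn]);

echo 'ok';
```

With this version the client only needs to send newtn and newsc; the newuserid parameter from the question is ignored.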