0

我正在使用 Ajax 来收集诸如 winsReddit、LosingReddit 以及输赢照片等数据。然后应该 PHP 脚本(如下)将其发送到 MySQL 表。“赢”和“输”列应每次增加 1。

出于某种原因,此脚本并未保存到数据库中。我究竟做错了什么?我错过了什么吗?

<?php
if(isset ($_POST['action'])) {

include( 'connection.php');

$winnerLink = $_POST['winnerReddit'];
$loserLink = $_POST['losingReddit'];
$win = $_POST['win'];
$lose = $_POST['lose'];


mysql_query("UPDATE $winnerLink SET win = win + 1 WHERE imagelink = '$win'");
mysql_query("UPDATE $loserLink SET lose = lose + 1 WHERE imagelink = '$lose'");

}

?>

这是我正在使用的 Ajax 代码:

    $.ajax({
        url: 'http://website.com/vote.php',
        method: 'POST',
        data: {
            action: 'save',
            win: chosenURL,
            lose: chosenURL,
            winnerReddit: $(this).attr('id'),
            losingReddit: $(this).siblings('div').attr('id')
        },
        success: function(data) {
            alert('sent');
        },
        error: function() {
            alert('nope')
        }
    });
})
})
4

1 回答 1

2

替换这个

mysql_query("UPDATE $winnerLink SET win = win + 1 WHERE imagelink = $win");
mysql_query("UPDATE $loserLink SET lose = lose + 1 WHERE imagelink = $lose");

有了这个准备好的声明:

$stmt = mysqli_prepare("UPDATE ? SET win = win + 1 WHERE imagelink = ?");
$stmt->bind_param("ss", $_POST['winnerReddit'], $_POST['win']);
$stmt->execute();
$stmt->close();

$stmt = mysqli_prepare("UPDATE ? SET lose = lose + 1 WHERE imagelink = ?");
$stmt->bind_param("ss", $_POST['losingReddit'], $_POST['lose']);
$stmt->execute();
$stmt->close();

您还需要确保已连接到数据库

于 2012-08-15T19:51:03.940 回答