1

我正在尝试构建一个 CMS,我可以在其中单击星形图标,它将更改art_featured我数据库中的值,所以说如果art_featured值为 0,然后单击星形图标,我想将字段的值从 0 更改为 1 . 我有点工作,但我不知道如何传递art_featured价值,通常我只会id在我的,span但我已经在使用它,所以我可以告诉我需要更改哪篇文章,所以我怎么能得到art_featured我的语句的值,所以我可以运行 if 和 else 语句,然后根据 的值SQL运行某个语句,SQLart_featured

提前感谢您的帮助!

桌子

art_id  art_title  art_company    art_featured
1       lorem 1    lorem ipsum 1  1
2       lorem 2    lorem ipsum 2  0

HTML/PHP

<section class="row">
    <?php
    $sql_categories = "SELECT art_title, art_company, art_id, art_featured FROM app_articles"; 

        if($result = query($sql_categories)){
            $list = array();

            while($data = mysqli_fetch_assoc($result)){
                array_push($list, $data);
            }

            foreach($list as $i => $row){ 
            ?>
                <div class="row">
                    <div class="column two"><p><?php echo $row['art_title']; ?></p></div>
                    <div class="column two"><p><?php echo $row['art_company']; ?></p></div>
                    <div class="column one"><span id="<?php echo $row['art_id']; ?>" class="icon-small star"></span></div>
                </div>
            <?php
            }
        }
        else {
            echo "FAIL";
        }
    ?>
    </section>

jQuery

        $(".star").click(function(){

        var art_id = $(this).attr('id');

        $.ajax({
        type: "POST",
        data: {art_id:art_id},
        url: "ajax-feature.php",
        success: function(data){
            if(data != false) {

            } 
            else {

            }  
        }
        });

    });

MYSQL/PHP

    if(isset($_POST['art_id'])) {



    $sql_articles = "UPDATE `app_articles` SET `art_featured` = 1 WHERE `art_id` =".$_POST['art_id'];

    if(query($sql_articles)) {
        echo "YES";
    }
    else {
        echo "NO";
    }
}
else {
    echo "FAIL";
}
4

1 回答 1

0 
$sql_detail = "SELECT * FROM app_articles
WHERE art_id = " . $_POST['art_id'];
$sql_result = mysql_query($sql_detail);
if(mysql_num_rows($sql_result) > 0) { // the art_id supplied exists

    while($sR = mysql_fetch_array($sql_result)) {

        $art_title = $sR['art_title'];
        $art_company = $sR['art_company'];
        $art_featured = $sR['art_featured];

        // Do whatever you want with these variables

    }

} else { // the art_id supplied does not exist

}

将 $_POST['art_id'] 直接传递到 SQL 语句中是不安全的,因此您可能应该阅读数据清理。但这应该可以。

于 2013-03-26T00:09:29.637 回答