我已经尝试这样做几个小时了,但我无法完全理解它。我有一个名为“requests”的表,其中包含“deletekey”和“deleted”列。“deletekey”是一个随机唯一数字(数据类型文本),“deleted”默认设置为0(数据类型布尔值),当用户输入deletekey时,它会将“deleted”更改为1。但我无法让它工作。这是我的代码,我不知道我做错了什么:
$key = $_GET["delkey"];
$link = mysqli_connect("localhost","username","password","dbname");
$query = 'UPDATE requests SET deleted = True WHERE deletekey = "$key"';
$result = $link->query($query);
那不应该是WHERE deletekey = '$key'吗?该deleted字段永远不会等于 in 中的任何内容$key,因为 deleted 是一个简单的布尔值,而 $key 可能是一个 int/char/varchar 类型的东西。
请注意,您很容易受到SQL 注入攻击。在您了解问题以及如何避免它之前,请停止处理此类代码。
这应该会有所帮助,并且还将提供针对 SQL 注入的保护:
$link = mysqli_connect("localhost","username","password","dbname");
$key = $link->real_escape_string($_GET["delkey"]);
$query = sprintf("UPDATE requests SET deleted = 1 WHERE deletekey = '%s'", $key);
$result = $link->query($query);
查询是一个字符串。并将变量添加到您需要键入的字符串
$query = 'UPDATE requests SET deleted = True WHERE deleted = '".$key."';
不同之处在于如何将变量放入字符串中。你必须在 php.ini 中这样做。
$query = "randomtext ". $randomvar ." ";
其中重要的一点是". $var ."在字符串内部。这类似于javas"+ var +"
$query = 'UPDATE requests SET deleted = 1 WHERE deletekey = "$key"';
它的deletedkey =“$key”对吗?而未删除 = "$key" :
$key = $_GET["delkey"];
$link = mysqli_connect("localhost","username","password","dbname");
$query = 'UPDATE requests SET deleted = true WHERE deletedkey = "$key"';
$result = $link->query($query);
尝试这个?
$link = mysqli_connect("localhost","username","password","dbname");
$key = $link->real_escape_string($_GET["delkey"]);
$query = "UPDATE `requests` SET `deleted` = true WHERE `deletedkey` = $key";
$result = $link->query($query);