<?php
include("global.php");
$username = mysql_real_escape_string(stripslashes($_POST["strUserName"]));
$password = md5(mysql_real_escape_string(stripslashes($_POST["strPassword"])));
$charid = mysql_real_escape_string(stripslashes($_POST["charid"]));
$quest = mysql_real_escape_string(stripslashes($_POST["strQuest"]));
$query = "SELECT * FROM wherei_users, wherei_characters WHERE wherei_users.username = '{$username}' AND wherei_users.password = '{$password}' AND wherei_characters.username = '{$username}' AND wherei_characters.Id = '{$charid}'";
$result = mysql_query($query);
$yesorno = (mysql_num_rows($result) == 0) ? 'NO' : 'YES';
if(empty($username) || empty($password) || empty($charid) || empty($quest) || $yesorno == "NO") {
$status="error";
$msg="InvalidData";
$actiontype="&actiontype=savequestdata";
$out=("$actiontype&status=$status&msg=$msg");
}
if ($yesorno = "YES") {
mysql_query("UPDATE wherei_characters SET strQuest = '{$quest}' WHERE username = '{$username}' AND id = '{$charid}'") or die(mysql_error());
$actiontype="&actiontype=savequestdata";
$status="success";
$out=("$actiontype&$status");
}
echo("$out");
?>
然而,它總是返回該居留制是成功?當我去我的瀏覽器,只需鍵入的URL,它返回
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
當我設置的值錯誤的目的,它返回一個狀態是succesfull,你看,如果醚$username,$password,$charid,$quest
爲空或$yesorno
是NO
那麼它應該回顯&actiontype=savequestdata&status=error&msg=InvalidData
。無論我設置變量,它都返回`actiontype = savequestdata &成功?
迴應查詢。 – Strawberry 2014-12-02 00:42:08