如何在mysql數據庫1添加到一個int每次有人去

Question

我已經測試一切，沒有什麼在SQL中鏈接的作品，這裏是我的代碼

<?php 
session_start(); 
if (!isset($_GET['id']) || !is_numeric($_GET['id'])) { die('Invalid id'); } 
$conn = mysqli_connect("redacted", "redacted", "redacted", "redacted"); 
if (!$conn) { 
    die("Connection failed: ".mysqli_connect_error()); 
} 
$url = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; 
$id = (int)$_GET['id']; 
"UPDATE affiliate SET clicks WHERE ID='$id' = clicks + 1"; 
header("Location: https://discord.gg/CjzZRBq"); 
?> 

後，我希望它呼應的用戶信息中心這是我

<h1>Clicks</h1> 
       <br /> 
       <br /> 
       You have gotten: <?php $conn = mysqli_connect("localhost", 
"id2278622_jonny", "Fencing1", "id2278622_affiliate"); 
if (!$conn) { 
    die("Connection failed: ".mysqli_connect_error()); 
} 
$sql = "SELECT clicks FROM affiliate WHERE ID='$ID'"; 
echo "$sql"; 
?> Clicks! 

，但它只是回聲的SQL代碼

Answer 1

您尚未將您的查詢實際發送到數據庫。您剛剛構建了一個查詢字符串。一個你甚至沒有保存到變量的字符串。

$id = (int)$_GET['id']; 
"UPDATE affiliate SET clicks WHERE ID='$id' = clicks + 1"; 
header("Location: https://discord.gg/CjzZRBq"); 

應該是：

$id = (int)$_GET['id']; 
$qry= "UPDATE affiliate SET clicks = clicks+1 WHERE ID='$id'"; 
conn->query($qry); 
header("Location: https://discord.gg/CjzZRBq"); 

---

你也應該看看了SQL Injection。投到一個int可以緩解風險，但是你一定要使用綁定變量。

Answer 2

的問題是，你只是呼應$sql（這是查詢字符串），而不是傳遞一個SQL COM到你的數據庫。另請注意，您當前的腳本容易受到SQL注入的影響。爲了避免這種情況，使用prepared statements：

// Retrieve the number of existing clicks 
$stmt = $conn->prepare("SELECT clicks FROM affiliate WHERE ID = ?"); 
$stmt->bind_param("i", $id); 
$stmt->execute(); 
$stmt->bind_result($clicks); // Store the result in the $clicks variable 

$clicks++; // Increment clicks 

// Update the table 
$stmt2 = $conn->prepare("UPDATE affiliate SET clicks = ? WHERE ID = ?"); 
$stmt2->bind_param("si", $clicks, $id); 
$stmt2->execute(); 

// Close the connection once finished 
$conn->close(); 

希望這有助於！ :)