1
我有一個變量,我正在檢索用戶按鈕按下(artist_id),我成功獲取。我想用這個artist_id找到我在數據庫中的藝術家名字。到目前爲止,我一直未能成功地將藝術家名稱導出到javascript中作爲可變參數。
這裏是JavaScript/jQuery的:
<script>
$(function() {
$("#dialog-modal").dialog({autoOpen: false, height: 250, width: 400, modal: true});
$("#opener").click(function() {
$("#dialog-modal").dialog("open");
$.get('/like_artist.php', {artist_id : $(this).data('artist_id'), stage_name : $stage_name}, function(data) {
alert("Data Loaded: " + data.artist_id);
var text = '';
var artistId = data.artist_id;
var stage_Name = data.stage_name;
text = 'You have liked ' + artistId + stage_Name;
$('#dialog-modal').text(text);
}, "json");
});
});
</script>
這裏是PHP(like_artist.php):
<?php
session_start();
require_once "database.php";
db_connect();
require_once "auth.php";
$current_user = current_user();
include_once("config.php");
$artist_id = $_GET['artist_id'];
$query_two = "SELECT stage_name FROM artists WHERE id='.$artist_id.'";
$stage_name = mysql_fetch_row(mysql_query($query_two));
$stage_name = $stage_name[0];
echo json_encode(array('artist_id' => $artist_id));
echo json_encode(array('stage_name' => $stage_name));
$user_id = $current_user['id'];
$query = "INSERT INTO `user_artists`
(`artist_id`, `user_id`)
VALUES
('$artist_id', '$user_id')";
$result = mysql_query($query);
?>
感謝您的幫助!
你的代碼只是在等待一個SQL注入攻擊。這並不安全。 – Blender 2013-02-20 23:08:42
Blender爲什麼? – user1072337 2013-02-20 23:52:05
您的查詢正在使用未轉義的用戶輸入。 – Blender 2013-02-21 00:10:41