一直在修補我的網站,它是一個座位預訂網站。仍然在阿爾法測試中,真正如此,不是因爲顯而易見的原因而向公衆活動在PHP網站上從mySQL查詢更新數據庫中的值問題
但是,我在更新數據庫中的值時遇到了一些問題。
我會後的代碼,然後解釋問題..
else {
$seatID = $_POST['form_submitted'];
$query1 = "SELECT seatTaken FROM SEATS WHERE seatNo = '$seatID'";
$result = mysql_query($query1);
while($row = mysql_fetch_array($result))
{
$taken = $row['seatTaken'];
}
$query2 = "SELECT passNo FROM PASSENGER WHERE username = '$loggedinuser'";
$result = mysql_query($query2);
while($row = mysql_fetch_array($result))
{
$passno = $row['passNo'];
}
$query3 = "SELECT groupID FROM PASSENGER WHERE username = '$loggedinuser'";
$result = mysql_query($query3);
while($row = mysql_fetch_array($result))
{
$groupno = $row['groupID'];
}
$query4 = "SELECT flightNo FROM PASSENGER WHERE username = '$loggedinuser'";
$result = mysql_query($query3);
while($row = mysql_fetch_array($result))
{
$flightno = $row['flightNo'];
}
// if ($taken = 0) {
$update = mysql_query("UPDATE PASSENGER SET seatNo = $seatID WHERE username = '$loggedinuser'");
$update2 = mysql_query("UPDATE SEATS SET seatTaken = 1, passNo = '$passNo', groupID = '$groupid' WHERE seatNo = '$seatID'");
// AND flightNo = '$flightno'"
echo '<meta http-equiv="refresh" content="5;url=http://www.mywebsite.com/">';
echo mysql_error();
//}
}
?>
現在,用戶將在前面的表格,從而選擇自己的座位了:
$seatID = $_POST['form_submitted'];
然而,在在我的查詢底部,當運行這個PHP代碼時,數據庫中唯一真正改變的值是'seatTaken'的布爾值,因爲它從0(未佔用)變爲1(佔用)。
領域的passno和組ID在我的數據庫不更新這裏的這些查詢引用: -
$update = mysql_query("UPDATE PASSENGER SET seatNo = $seatID WHERE username = '$loggedinuser'");
$update2 = mysql_query("UPDATE SEATS SET seatTaken = 1, passNo = '$passNo', groupID = '$groupid' WHERE seatNo = '$seatID'");
有沒有人能幫忙嗎?非常感謝!
湯姆
在你運行'UPDATE'的地方,打印查詢和'exit()'。要進行調試,請手動對數據庫運行並查看其未運行的原因。錯誤的'WHERE'子句,可能? – halfer 2012-04-07 14:56:06
您可能對此有所瞭解,但您在此代碼中也存在SQL注入漏洞。使用參數綁定,或至少逃脫你的污染輸入。 – halfer 2012-04-07 14:56:53