得到錯誤的迴應

Question

我得到了下面的代碼，我沒有發現錯誤。 當我執行它時，我總是得到「no_request」。

$用戶名等於Reebal和$用戶等於西蒙

阿賈克斯/ jQuery的

$("#cancel_friend").click(function(e){ 
    var user = "<?php echo $user_username; ?>"; 
    var type = "cancel_friend" 
    $.ajax({ 
     type: "POST", 
     url: "../system/friend_system.php", 
     data: { 
      user: user, 
      type: type 
     }, 
     success: function(data, status){ 
      if(data == "friend_request_canceled"){ 
       $("#cancel_friend").css("display", "none"); 
      }else{ 
       $(".error_msg_container").html(data); 
      } 
     }, 
     error: function(){ 
      alert(data); 
     } 

friend_system.php

}else if($_POST['type'] == "cancel_friend"){ 
    $sql = "SELECT COUNT(id) friends WHERE user1 = '$username' AND user2 = '$user' AND accepted='0' LIMIT 1"; 
    $result = mysqli_query($conn, $sql); 
    $request = mysqli_fetch_row($result); 
    if($request[0] > 0){ 
     $sql = "DELETE FROM friends WHERE user1 = '$username' AND user2 = '$user' AND accepted='0' LIMIT 1"; 
     $result = mysqli_query($conn, $sql); 
     mysqli_close($conn); 
     echo "friend_request_canceled"; 
     exit(); 
    }else{ 
     echo "no_request"; 
     exit(); 
    } 

這裏是朋友表：

希望你能幫助我。

Answer 1

現在在我的手機上，所以我不能很好地看待它，你的SQL查詢是不安全的。使用mysqli或者pdo。 你忘了從您的SQL查詢，這裏是一個SQL注入安全代碼：

$con = new PDO("mysql:host=localhost;dbname=dbName" , "dbPassword","dbUsername"); // connecting with PDO 
$query = $con->prepare("SELECT COUNT(id) FROM friends WHERE user1 = :username AND user2 = :username2 AND accepted = \"0\" LIMIT 1"); // Preparing a query 
$query->bindParam(":username" , $username, PDO::PARAM_STR); // binding parameters in a safe way 
$query->bindParam(":username2",$username2,PDO::PARAM_STR); 
$query->execute(); 
$result = $query->fetchAll(); // fetching the result and putting it in result 

記得更改的變量和修改連接詳情 如果它不工作評論不是這個評論