我得到了下面的代碼,我沒有發現錯誤。 當我執行它時,我總是得到「no_request」。得到錯誤的迴應
$用戶名等於Reebal和$用戶等於西蒙
阿賈克斯/ jQuery的
$("#cancel_friend").click(function(e){
var user = "<?php echo $user_username; ?>";
var type = "cancel_friend"
$.ajax({
type: "POST",
url: "../system/friend_system.php",
data: {
user: user,
type: type
},
success: function(data, status){
if(data == "friend_request_canceled"){
$("#cancel_friend").css("display", "none");
}else{
$(".error_msg_container").html(data);
}
},
error: function(){
alert(data);
}
friend_system.php
}else if($_POST['type'] == "cancel_friend"){
$sql = "SELECT COUNT(id) friends WHERE user1 = '$username' AND user2 = '$user' AND accepted='0' LIMIT 1";
$result = mysqli_query($conn, $sql);
$request = mysqli_fetch_row($result);
if($request[0] > 0){
$sql = "DELETE FROM friends WHERE user1 = '$username' AND user2 = '$user' AND accepted='0' LIMIT 1";
$result = mysqli_query($conn, $sql);
mysqli_close($conn);
echo "friend_request_canceled";
exit();
}else{
echo "no_request";
exit();
}
希望你能幫助我。
在哪裏你設置'$用戶名'?你有沒有試過調試你的代碼? – empiric
$ username是在另一個php文件中,我檢查當前登錄的用戶。當我回復$ username時,我得到'Reebal' – Reebal
您的代碼容易受到[** SQL注入**](https://en.wikipedia.org/wiki/SQL_injection)攻擊。您應該通過[** mysqli **](https://secure.php.net/manual/en/mysqli.prepare.php)或[** PDO **](https ://secure.php.net/manual/en/pdo.prepared-statements.php)驅動程序。 [**這篇文章**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)有一些很好的例子。 –