php - 更新 MySQL 行中的一个单元格

Question

解释:

我将尝试说明我的问题。 (想跳过它吗？跳到“这是我的问题”) 这是一个类似于我的 MySQL 表。

| NAME | PASSWORD | FOLLOWING 
| Johny | XieofEnfoEQ | NULL 
| Isabel | nfOEnfoiJEJj | NULL 

我正在尝试创建一个允许用户关注其他用户的 PHP 代码。该系统遵循以下步骤:

1) 连接到数据库。

2) 获取当前用户关注的人的内爆数组(内爆数组本质上是将数组转换为字符串

3) 将该字符串分解回数组

4) 添加请求的用户

5) 将数组重新内爆为字符串

6) 将当前用户的“FOLLOWING”单元格更新为新的内爆字符串

7) 向请求的用户发送一封电子邮件，说明他们有一个新的关注者

这是我的问题: 假设我以 Johny 身份登录。当我尝试关注 Isabel(例如)时，它没有给我任何错误，并且 Isabel 收到了电子邮件。但是，当我检查数据库时，FOLLOWING 单元格仍然是 NULL。我该如何解决？我的整个代码都在下面，删除了重要的值。

代码:

<?php
// ensure that they are logged in
require_once("./include/membersite_config.php");
require_once "Mail.php";
if(!$fgmembersite->CheckLogin()) {
    $fgmembersite->RedirectToURL("http://####BLANKED####/HomeworkBox/Signup/login.php");
    exit;
}

$searched="search";

// check the URL to fetch variables
if (isset($_GET['search'])) { // fetch what to send back to the search
    $searched = $_GET['search'];

}

if (isset($_GET['follow'])) { // fetch who to follow
    $follow = $_GET['follow'];

}

else {
    header('Location: http://####BLANKED####/engine/search.php?search='.$searched);
    die;
}

$member = $fgmembersite->UserFullName();

// check if this is a valid 
$username="####BLANKED####";
$password="####BLANKED####";
$database="####BLANKED####";
$conn = mysql_connect("localhost",$username,$password)or die();
@mysql_select_db($database)or die();
$id = 0;
$result = mysql_query("SELECT * FROM members WHERE `name` = '$follow'");
if ($result && mysql_num_rows($result) > 0) {

}

else {
    header('Location: http://####BLANKED####/engine/search.php?search='.$searched);
    die;
}

$follow_data = mysql_fetch_row($result);
$follow_email = $follow_data[3];

$id = 0;
$result = mysql_query("SELECT * FROM members WHERE `name` = '$member'");
if ($result && mysql_num_rows($result) > 0) {

}

else {
    header('Location: http://####BLANKED####/engine/search.php?search='.$searched);
    die;
}

$member_data = mysql_fetch_row($result);
$member_email = $member_data[3];
$member_following = $member_data[14];

$following_list = explode(',', $member_following);
$following_list[] = $member;
$member_following = implode(",", $following_list);

$member_refined = str_replace(' ', '%20', $member);

mysql_query("UPDATE members SET following=$member_following WHERE email='$member_email'");

$from = '<####BLANKED####>';
$to = $follow_email;
$subject = "You Have a New Follower!";
$body = "Hello ".$follow."\r\n\r\n".
    "".$member." has added you on ####BLANKED####! \r\n".
    "You can add them back by clicking the following link. \r\n\r\n".
    "http://####BLANKED####/engine/follow.php?follow=".$member_refined." \r\n\r\n".
    "(If the link looks odd, DO NOT CLICK IT! We are not responsable for \r\n".
    "any damage caused to you, your device, or anything else!) \r\n\r\n".
    "Regards,\r\n".
    "####BLANKED####\r\n\r\n";

$headers = array(
                 'From' => $from,
                 'To' => $to,
                 'Subject' => $subject
                 );

$smtp = Mail::factory('smtp', array(
                                    'host' => 'ssl://smtp.gmail.com',
                                    'port' => '465',
                                    'auth' => true,
                                    'username' => '####BLANKED####',
                                    'password' => '####BLANKED####'
                                    ));

$mail = $smtp->send($to, $headers, $body);

if (PEAR::isError($mail)) {
    echo('<p>' . $mail->getMessage() . '</p>');
} 

header('Location: http://####BLANKED####/engine/search.php?search='.$searched);
die;
?>

Answer 1

UPDATE 语句中的字符串需要引号:

mysql_query("UPDATE members SET following='$member_following' WHERE email='$member_email'") or die (mysql_error());

如果您从 mysql_query 检查错误(如我所示)，您会看到此错误。

您还需要转义数据以防止 SQL 注入(inject)。如果转换为 PDO 或 mysqli 并使用参数化查询会更好。