我试图创建一个页面来创建或更新数据库表中的数据。
如果我通过输入新数据(在我的例子中是新玩家)来调用链接,则数据会正确插入到表中。相反,如果我去调用已存在数据的链接来更新表,我总是会收到回显“错误更新”,并且第一个 UPDATE if 永远不会执行。
谁能告诉我哪里错了?
<?php
include "coredb.php";
if (isset($_GET["player"]) && isset($_GET["score"]))
{
//Check id player is already present in leaderboard database
if ($query = $mysqli->prepare('SELECT Player FROM leaderboard WHERE Player = ?'))
{
$query->bind_param("s", $_GET["player"]);
$query->execute();
$query->fetch();
// If player already present in leaderboard (result > 0)
if ($query->num_rows > 0)
{
// Update existing database record
if ($query = $mysqli->prepare('UPDATE leaderboard SET Score = ? WHERE Player = ?')) {
$query->bind_param("i", $_GET["score"]);
$query->execute();
echo "Existing player record updated!";
}
else
{
echo "Error Update";
}
}
else
{
// Create new record in database
if ($query = $mysqli->prepare('INSERT INTO leaderboard (Player, Score) VALUES (?, ?)'))
{
$query->bind_param("si", $_GET["player"], $_GET["score"]);
$query->execute();
echo "New player record create!";
}
else
{
echo "Error Create";
}
}
}
}
else
{
echo "Error database";
}
// Connection close
$mysqli->close();
?>
最佳答案
请始终使用 PDO 或准备好的 MySQLI 以避免 SQL 注入(inject)。
有人可能会删除您的表或执行其他危险的操作,从而破坏您的数据。
还要确保使用 POST 请求将敏感信息发送到您的服务器。
如果您使用 GET,每个人都将能够看到您正在传输的数据。
引用这个例子:
<?php
$dbhost = 'localhost';
$dbname = 'pdo';
$dbusername = 'root';
$dbpassword = '845625';
if (!empty($_POST['submit'])) {
$conn = new PDO("mysql:host=$dbhost;dbname=$dbname", $dbusername, $dbpassword);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//Select player
$stmt = $conn->prepare("SELECT player FROM leaderboard WHERE player = :player");
$stmt->execute([
'player' => $_POST['player']
]);
$result = $stmt->fetchColumn();
if (!$result) {
//Insert data
$stmt = $conn->prepare('INSERT INTO `leaderboard` (player, score) VALUES (:player, :score)');
$stmt->execute([
'player' => $_POST['player'],
'score' => $_POST['score']
]);
echo 'New data inserted';
} else {
$stmt = $conn->prepare('UPDATE `leaderboard` SET score = :score WHERE player = :player');
$stmt->execute([
'score' => $_POST['score'],
'player' => $_POST['player']
]);
echo 'Existing data updated: ' . $stmt->rowCount() . ' rows.';
}
}
?>
<form method="POST" action="">
<input type="text" name="player">
<input type="text" name="score">
<button type="submit" name="submit">
Submit data
</button>
</form>
关于php - 通过 PHP/MySql 更新表数据,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58115095/