PHP 脚本中的递增值不起作用
我有以下 PHP 脚本来更新我的数据库中的 博客视图
,
<?php include('header.php');?><?php$article_id = $_POST['文章'];//回显 $article_id;$dbhost = '本地主机';$dbuser = 'root';$dbpass = '密码';$con = mysql_connect($dbhost, $dbuser, $dbpass);$sql = 'SELECT id,blog_title, blog_body, views FROM tinyblog where id="'. $article_id .'" ';//更新视图.mysql_query("UPDATE tinyblog SET views = views + 1 WHERE id = {$article_id}" , $con );mysql_select_db('tinyblog');$retval = mysql_query( $sql, $con );如果(!$retval){die('无法获取数据:' .mysql_error());}while($row = mysql_fetch_array($retval, MYSQL_ASSOC)) {?><div class="article-blog-indiv"><?php回声'<h1>'.$row['blog_title'] .'</h1>';回声'<p>'.$row['blog_body'] .'</p>';?><?php}?><?php include('footer.php');?>
实际上更新我数据库中的视图字段的是以下代码行:
mysql_query("UPDATE tinyblog SET views = views + 1 WHERE id = {$article_id}" , $con );
现在这行代码似乎不起作用,因为每次我回去检查phpmyadmin时,我看到views字段仍然是0
,但是当我插入以下语句时直接用于测试我的 phpmyadmin:
mysql_query("UPDATE tinyblog SET views = views + 1 WHERE id = 1);
我在视图字段中看到了一个增量,为什么会发生这种情况??
解决方案一些需要解决的问题.首先,当您应该使用 mysqli 或 PDO 时,您正在使用 mysql.其次,您正在使用发布数据而根本没有任何转义.第三,您不需要此选择和更新.您可以在一条语句中完成.
$query = "UPDATE tinyblog SET views = views + 1 WHERE id = (SELECT id FROM tinyblog where id=:article)"$db = new PDO('mysql:host=localhost;dbname=mydb', 'username', 'password');$stmt = $db->prepare($query);$stmt->execute(array(":article"=>$article_id));
我们在这里所做的是用一个占位符创建一个准备好的语句.我们已将其命名为 :article
,但也可以将其保留为 ?
.
然后在执行查询时需要通过传入参数来填充缺失的位.这就是我们在最后一步使用 array(":article"=>$article_id)
因为它是一个命名参数,所以我们使用关联数组.或者,如果您先调用了 bindParam,也可以不带任何参数调用 execute.
I have the following PHP script to update the blog view
in my database,
<?php include('header.php'); ?>
<?php
$article_id = $_POST['article'];
// echo $article_id;
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'password';
$con = mysql_connect($dbhost, $dbuser , $dbpass);
$sql = 'SELECT id,blog_title, blog_body, views FROM tinyblog where id="'. $article_id .'" ';
// UPDATE VIEWS.
mysql_query("UPDATE tinyblog SET views = views + 1 WHERE id = {$article_id}" , $con );
mysql_select_db('tinyblog');
$retval = mysql_query( $sql, $con );
if(! $retval ) {
die('Could not get data: ' . mysql_error());
}
while($row = mysql_fetch_array($retval, MYSQL_ASSOC)) {
?>
<div class="article-blog-indiv">
<?php
echo '<h1>'. $row['blog_title'] .'</h1>';
echo '<p>'. $row['blog_body'] .'</p>';
?>
</div>
<?php
}
?>
<?php include('footer.php'); ?>
It is the following line of code that actually updates the views field in my database:
mysql_query("UPDATE tinyblog SET views = views + 1 WHERE id = {$article_id}" , $con );
Now this line of code does't seem to work , as every time i go back and check in phpmyadmin, i see that the views field is still 0
, But when i insert the following statement directly for testing my my phpmyadmin:
mysql_query("UPDATE tinyblog SET views = views + 1 WHERE id = 1);
I see an increment in the views field , why is this happening ??
解决方案A few things that need to be fixed. first you are using mysql when you should be using mysqli or PDO. Second you are using post data without any escaping at all. Thirdly, you don't need this select and update. You can do it in a single statement.
$query = "UPDATE tinyblog SET views = views + 1 WHERE id = (SELECT id FROM tinyblog where id=:article)"
$db = new PDO('mysql:host=localhost;dbname=mydb', 'username', 'password');
$stmt = $db->prepare($query);
$stmt->execute(array(":article"=>$article_id));
What we are doing here is creating a prepared statement with one place holder. We have named it as :article
but it could have been left as ?
instead.
Then when the query is executed you need to fill in the missing bits by passing in parameters. That's what we are doing in the last step with array(":article"=>$article_id)
Since it's a named parameter, we use an associative array. Alternatively you could have called execute without any parameters if you had called bindParam first.
相关文章