不工作時,我嘗試更新我的數據庫更改現有用戶的位置,我收到的文本中,需要回聲,但用戶的細節都沒有改變。 這是我的代碼 - 服務器的細節已被刪除的目的是爲了保護隱私。更新現有用戶在PHP
{
$server = '';
$connectionInfo = array("Database"=>"");
$conn = sqlsrv_connect($server,$connectionInfo);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
echo "Connected successfully";
date_default_timezone_set('Europe/London');
$username = $_POST['username'];
$location = $_POST['location'];
$dateAndTime = date('d-m-y h:i a', time());
$selection_query = "SELECT 1 FROM users WHERE username = '".$username."'";
$result = sqlsrv_query($conn, $selection_query, array($username));
if (sqlsrv_fetch_array($result) == 0)
{
echo "Username does not exist.";
}
else
{
$updateUserQuery = "UPDATE users SET location='$location' datetime='$dateAndTime' where username='$username'";
sqlsrv_query($conn, $updateUserQuery);
echo $username;
echo "'s location has been successfully updated to ";
echo $location;
echo " at ";
echo $dateAndTime;
echo ".";
}
sqlsrv_close($conn);
}
嘗試增加sqlsrv_query($康恩,$ updateUserQuery)或死亡(sqlsrv_error()); – delboy1978uk
[Little Bobby](http://bobby-tables.com/)說*** [你的腳本存在SQL注入攻擊風險。](http://stackoverflow.com/questions/60174/how-can- I-防止-SQL注入式-PHP)***。即使[轉義字符串](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)是不安全的! –
'更新位置設置位置...',這似乎是錯誤的,那是除非你實際上有一個名爲'location'的表格,其中有一個名爲'location'的列。喲耶... –