2012-07-21 79 views
-1

Variables in a PHP SQL query

The variables in this script aren't working at all, and it's driving me crazy. If anyone can help, that would be great!

<?php
$db = mysql_connect('HOST', 'USER', 'PASS') or die('Could not connect: ' . mysql_error());
mysql_select_db('DBNAME') or die('Could not select database');

// Strings must be escaped to prevent SQL injection attack.
$name = mysql_real_escape_string($_GET['name'], $db);
$score = mysql_real_escape_string($_GET['score'], $db);
$QuestionN = mysql_real_escape_string($_GET['QuestionN'], $db);
$hash = $_GET['hash'];
$num = (int)$QuestionN;
$var1 = mysql_real_escape_string($_POST['var1']);
$var2 = mysql_real_escape_string($_POST['var2']);

$secretKey = "SecretKey"; # Change this value to match the value stored in the client javascript below

$real_hash = md5($name . $score . $secretKey);
if ($real_hash == $hash) {
    $query = mysql_query("UPDATE Quiz1 SET " . $var1 . " = (1 + ". $var1 .")". " WHERE Question = " . $var2);
    //$query = mysql_query("UPDATE Quiz1 SET " . $score . " = (1 + ". $score .")". " WHERE Question = " . $QuestionN);
    //$query = mysql_query("UPDATE Quiz1 SET A = (1 + A) WHERE Question = 1 ");

    $result = mysql_query($query) or die('Query failed: ' . mysql_error());
}
print($var1);
?>

Here's the same code with PDO, for anyone who needs it; it's better PHP practice and cleans this up.

<?php
// Configuration
$hostname = 'host';
$username = 'user';
$password = 'pass';
$database = 'DBNAME';
//$score = 'A';

$name = $_GET['name'];
$score = $_GET['score'];
$QuestionN = $_GET['QuestionN'];
$table = $_GET['table'];
$hash = $_GET['hash'];
$num = (int)$QuestionN;
$secretKey = "SecretKey"; # Change this value to match the value stored in the client javascript below

$real_hash = md5($name . $score . $secretKey);
// if($real_hash == $hash) {

try {
    $conn = new PDO('mysql:host=' . $hostname . ';dbname=' . $database, $username, $password);
    echo "Connected to database"; // check for connection
    //$dbh->exec("UPDATE Quiz1 SET $score = 1 WHERE Question = 1"); // THIS DOES NOT
    //$dbh->exec("UPDATE Quiz1 SET B = 1 WHERE Question = 1"); // THIS WORKS
    $conn->exec("SET CHARACTER SET utf8"); // Sets encoding UTF-8
    //$score = 'A';
    //$scoreB = 'A';
    $author = 'Imanda';
    //$id = 1;

    // query
    //$table = 'Quiz1';
    // $table and $score are interpolated into the SQL text as identifiers;
    // only the Question value is bound as a parameter.
    $sql = "UPDATE $table
            SET $score = (1 + $score)
            WHERE Question = ?";
    $q = $conn->prepare($sql);
    $q->execute(array($QuestionN));

    //AddScore($dbh,'Quiz1','A','1');
}
catch (PDOException $e) {
    echo $e->getMessage();
}
// }
?>
+1

Where is the script? – 2012-07-21 05:29:24

+0

In the root of my web server, – Keithsoulasa 2012-07-21 05:33:37

+0

Like, if I don't pass it any variables, then it works, and the hash variable is being received just fine – Keithsoulasa 2012-07-21 05:34:11

Answers

1

You are using mysql_query in two places; it should be used in only one place.

$query = mysql_query("UPDATE Quiz1 SET " . $var1 . " = (1 + ". $var1 .")". " WHERE Question = " . $var2); 

    $result = mysql_query($query) or die('Query failed: ' . mysql_error()); 
} 

$query = "UPDATE Quiz1 SET " . $var1 . " = (1 + ". $var1 .")". " WHERE Question = " . $var2; 
    $result = mysql_query($query) or die('Query failed: ' . mysql_error()); 
} 
+0

It still isn't working properly. I'm sending the var values from a C# script, and it's driving me crazy because it worked great last night! – Keithsoulasa 2012-07-21 05:52:26

+0

Try echoing the query, then run it in the mysql console and check for errors... – 2012-07-21 06:05:33

+0

I'm running PHP vars, so I don't have that option – Keithsoulasa 2012-07-21 06:31:07
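
An added example, not code from the original posts: the PDO version in the question binds only the Question value, while the table and column names still come from the request, and identifiers cannot be bound as parameters. The sketch below checks them against an allowlist, then builds the statement once and executes it once. The names `ALLOWED_TABLES`, `ALLOWED_COLUMNS`, `incrementAnswer` and `hashMatches`, and the in-memory SQLite database standing in for MySQL, are assumptions made so it runs without a server.

```php
<?php
// Added example, not the poster's code. Identifiers (table/column names) cannot
// be bound as PDO parameters, so they are checked against a fixed allowlist.
const ALLOWED_TABLES  = ['Quiz1'];   // assumption: the only quiz table
const ALLOWED_COLUMNS = ['A', 'B'];  // assumption: the answer columns seen on the page

function incrementAnswer(PDO $conn, string $table, string $column, int $question): int
{
    if (!in_array($table, ALLOWED_TABLES, true) || !in_array($column, ALLOWED_COLUMNS, true)) {
        throw new InvalidArgumentException('Unknown table or column');
    }
    // Both identifiers are now allowlisted values; the Question value is still bound.
    $stmt = $conn->prepare("UPDATE $table SET $column = $column + 1 WHERE Question = ?");
    $stmt->execute([$question]);   // built once, executed once
    return $stmt->rowCount();      // number of rows changed
}

function hashMatches(string $name, string $score, string $secretKey, string $hash): bool
{
    // Same md5 scheme as the page; hash_equals() avoids the loose == comparison.
    return hash_equals(md5($name . $score . $secretKey), $hash);
}

// Constructed demo: in-memory SQLite stands in for the MySQL database.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE Quiz1 (Question INTEGER PRIMARY KEY, A INTEGER DEFAULT 0, B INTEGER DEFAULT 0)');
$conn->exec('INSERT INTO Quiz1 (Question) VALUES (1), (2)');

// Constructed request values standing in for $_GET.
$req = ['name' => 'alice', 'score' => 'B', 'QuestionN' => '1', 'table' => 'Quiz1'];
$req['hash'] = md5($req['name'] . $req['score'] . 'SecretKey');

if (hashMatches($req['name'], $req['score'], 'SecretKey', $req['hash'])) {
    $rows = incrementAnswer($conn, $req['table'], $req['score'], (int)$req['QuestionN']);
    echo "Updated $rows row(s)\n";
}

try {
    // A column name that is not on the allowlist is rejected before any SQL is built.
    incrementAnswer($conn, 'Quiz1', 'not_a_column', 1);
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ' . $e->getMessage() . "\n";
}
echo json_encode($conn->query('SELECT * FROM Quiz1')->fetchAll(PDO::FETCH_ASSOC)) . "\n";
```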