问题
I am new to JQuery and am working on a project. This project isn't supposed to do anything, it's more of a proof of concept so I can learn. SO far I have 3 PHP files, one called 'connection.php' which connects to my local mySQL DB. Another, called 'save_score.php' which would save values to my DB. Last, I have my 'test.php' file which creates a few values and using JQuery sends them to 'save_score.php' to insert them into my DB.
The problem I have is that 'connection.php' works fine. I can hard code an INSERT INTO statement in PHP and send that query to my DB to insert it. So there is nothing wrong with the connection. I also tested, via two echo statements, whether the JQuery was actually sending the values to 'save_score.php', and the echo statements sent back my test values: 'Jeff' and "10'. However, the mySQL INSERT statement does not work to send the values and query to my DB.
So in essence, the statement I have put into '$store' should do the trick, but it's not and I do not know why.
'save_score.php':
<?php
include 'connection.php';
$name = $_POST['name'];
$score = $_POST['score'];
echo $name;
echo $score;
$store = "INSERT INTO `galleryscores` (`player_name`, `player_score`) VALUES ($name, $score)";
$mysqli->query($store);
echo "done";
?>
'connection.php':
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "cs301";
// Create connection
$mysqli = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($mysqli->connect_error) {
die("Connection failed: " . $mysqli->connect_error);
}
'test.php':
<html>
<head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<link rel="stylesheet" href="https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/themes/smoothness/jquery-ui.css">
<script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js"></script>
<script type="text/javascript">
var you = 's';
var you_score = 10;
$.post("save_score.php", {
name: you,
score: you_score
})
.done(function(data) {
alert("Data Loaded: " + data);
});
</script>
</head>
<body>
</body>
</html>
回答1:
Here is how this should be done with PDO
$dbh = new PDO('mysql:dbname=cs301;host=localhost', $username, $password);
$stmt = $dbh->prepare('INSERT INTO `galleryscores` (`player_name`, `player_score`) VALUES (:player_name, :player_score)');
$stmt->execute( array('player_name' => $_POST['name'], 'player_score' => $_POST['score']) );
回答2:
While we are at it. How it should be done with MySQLi :D - with error handling
$mysqli = new mysqli($host, $user, $pass, $db);
if($mysqli->connect_error)
die('Connect Error (' . $mysqli->connect_errno . ') '. $mysqli->connect_error);
if ($stmt = $mysqli->prepare("INSERT INTO `galleryscores` (`player_name`, `player_score`) VALUES (?, ?)"))
{
// Bind the values in order to the ?'s or log error
// Assuming Name is a string and score is always an int
if(!$stmt->bind_param("si", $name, $score))
{
die('bind_param() failed: ' . htmlspecialchars($stmt->error));
}
// Execute the completed sql command or log error
if (!$stmt->execute())
{
die('execute() failed: ' . htmlspecialchars($stmt->error));
}
$stmt->close(); // Close the database connection
}
else
{
die('prepare() failed: ' . htmlspecialchars($mysqli->error));
}
回答3:
Try changing your insertion query to this
$store = "INSERT INTO `galleryscores` (`player_name`, `player_score`) VALUES ('".$name."', '".$score."')";
In order for the values to be inserted, they should be passed as string to the query. Ultimately, you are passing a String for execution.
EDITED As told by Matt you should always try and prevent SQL injection. Following shows how to do it :
$query = $mysqli->prepare("INSERT INTO `galleryscores` (`player_name`, `player_score`) VALUES (?, ?)");
$query->bind_param("si", $name, $score);// 's' represents the corresponding variable type is String
$query->excecute();
bind_param documentation
来源:https://stackoverflow.com/questions/45599617/using-jquery-to-insert-values-into-mysql