我有一个引用脚本这个脚本
<?php
ob_start();
define('DB_HOST', 'localhost');
define('DB_NAME', 'dbnamehere');
define('DB_USER', 'dbuserhere');
define('DB_PASS', 'dbpasshere');
mysql_connect(DB_HOST,DB_USER,DB_PASS);
mysql_select_db(DB_NAME);
$id = $_REQUEST['id'];
$uid = $_REQUEST['uid'];
$oid = $_REQUEST['oid']; // completed offer or payment method
$new = $_REQUEST['new'];
$total = $_REQUEST['total'];
$sig = $_REQUEST['sig'];
$timestamp = date("Y-m-d H:i:s");
// Secrete Key
$key = 'e5870b6ab402d790a5d6bd1cefaee7c4';
// Compare results
$hash = md5($id.':'.$new.':'.$uid.':'.$key);
// Output results
if ($sig == $hash) {
print "1'n";
//Users point update query here
$users = mysql_query("SELECT points FROM users WHERE id=".$uid);
$rows = mysql_fetch_array($users);
$user_points = $rows['points'];
$query1 = mysql_query("update users set points=($user_points+$new/2) where id=$uid ");
//Updating referral coins
$query2 = "select points, referral_id from users where referral_id=".$uid;
$user_rows = mysql_query($query2);
$all=mysql_fetch_array($user_rows,MYSQL_BOTH);
if($all['referral_id'] != 0){
echo $referal_points = intval((25/100) * $new);
$update_referral_points = "update users set points = points + '$referal_points' WHERE id = ".$all['referral_id'];
mysql_query($update_referral_points);
}
} else {
print "0'n";
}
?>
当我运行这个脚本时,数据库行不更新,参见下面的示例
id | points | referral_id
---|--------|--------
1 | 1000 | 2
2 | 2000 | 0
3 | 1000 | 2
例如:
if $uid = 1 &$new = 100或$uid = 3 &$new = 100
我们需要将$new=(100*25)/100 = +25奖励给id=2中的id=2,因为id= 1 &2 .
id | points | referral_id
---|--------|--------
1 | 1100 | 2
2 | 2000 | 0
3 | 1100 | 2
成功后,我期待这样的结果
id | points | referral_id
---|--------|--------
1 | 1100 | 2
2 | 2025 | 0
3 | 1100 | 2
脚本成功打印"1'n";query1也工作没有query2,当我运行query2它停止更新数据库,甚至停止打印"1'n";
在更新查询中,where子句应该是;WHERE id = ".$all['referral_id']因为referral_id是referrer的id。
您的代码可能容易受到SQL注入。