我已经尝试这样做了几个小时,但我无法完全理解它。我有一个名为"请求"的表,其中包含"删除密钥"和"已删除"列。"deletekey"是一个随机的唯一数字(数据类型文本),"deleted"默认设置为0(数据类型布尔值),当用户输入Deletekey时,它将"已删除"更改为1。但我无法让它工作。这是我的代码,我不知道我做错了什么:
$key = $_GET["delkey"];
$link = mysqli_connect("localhost","username","password","dbname");
$query = 'UPDATE requests SET deleted = True WHERE deletekey = "$key"';
$result = $link->query($query);
这应该会有所帮助,并且还将提供针对SQL注入的保护:
$link = mysqli_connect("localhost","username","password","dbname");
$key = $link->real_escape_string($_GET["delkey"]);
$query = sprintf("UPDATE requests SET deleted = 1 WHERE deletekey = '%s'", $key);
$result = $link->query($query);
那不应该
是WHERE deletekey = '$key'吗?deleted字段永远不能等于$key中的任何内容,因为删除是一个简单的布尔值,而$key可能是int/char/varchar类型的东西。
请注意,您容易受到 SQL 注入攻击。停止处理此类代码,直到您了解了问题以及如何避免它。
它的删除键="$key"对吗? 而不是删除 = "$key" :
$key = $_GET["delkey"];
$link = mysqli_connect("localhost","username","password","dbname");
$query = 'UPDATE requests SET deleted = true WHERE deletedkey = "$key"';
$result = $link->query($query);
试试这个?
$link = mysqli_connect("localhost","username","password","dbname");
$key = $link->real_escape_string($_GET["delkey"]);
$query = "UPDATE `requests` SET `deleted` = true WHERE `deletedkey` = $key";
$result = $link->query($query);
$query = 'UPDATE requests SET deleted = 1 WHERE deletekey = "$key"';
查询是一个字符串。要将变量添加到字符串中,您需要键入
$query = 'UPDATE requests SET deleted = True WHERE deleted = '".$key."';
区别在于如何将变量放入字符串中。你必须在 php 中这样做。 $query = "randomtext ". $randomvar ." "; 其中重要的一点是". $var ."字符串内部。这类似于javas "+ var +"