JavaScript 来更新 MySQL?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/7060556/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
JavaScript to update MySQL?
提问by Richard Hedges
:)
:)
I'm hoping to make a verysimple rating system. It won't consist of anything like averages, it's literally vote up or vote down, so if there's more votes down it'll go into a minus stance.
我希望制作一个非常简单的评分系统。它不会包含任何类似平均值的东西,它实际上是投赞成票或反对票,所以如果有更多的反对票,它就会变成负数。
What I'd like is for when the links to vote up/down are clicked, the page isn't refreshed, just that rating number. I'm guessing I can do this with JavaScript's append once it calls the new data, however I've no idea how to run the MySQL query with JavaScript.
我想要的是当点击向上/向下投票的链接时,页面没有刷新,只是那个评级号码。我猜我可以用 JavaScript 的 append 一旦它调用新数据来做到这一点,但是我不知道如何用 JavaScript 运行 MySQL 查询。
From what I understand, this isn't all that safe so I'm hoping I can run it from a PHP file?
据我了解,这并不是那么安全,所以我希望我可以从 PHP 文件中运行它?
Can anyone tell me how to do this please?
谁能告诉我如何做到这一点?
回答by Jimmy
You have to have the SQL update query in a PHP file and execute that PHP script via AJAX. For example:
您必须在 PHP 文件中包含 SQL 更新查询并通过 AJAX 执行该 PHP 脚本。例如:
In PHP:
在 PHP 中:
$page_id = mysql_real_escape_string(html_entities($_POST['page_id']));
$rating = mysql_real_escape_string(html_entities($_POST['rating']));
mysql_query(" UPDATE ratings(vote) VALUES ('$rating') WHERE id = '$page_id' ");
AJAX (assuming you are using jQuery):
AJAX(假设您使用的是 jQuery):
function rate(rating, page_id)
{
$.ajax({
url: 'path/to/php_script.php',
type: 'post',
data: 'rating='+rating+'&page_id='+page_id,
success: function(output)
{
alert('success, server says '+output);
}, error: function()
{
alert('something went wrong, rating failed');
}
});
}
HTML:
HTML:
<form>
Like: <input type="button" value="Like" onClick="rate(1, $_GET['page_id'])" />
<br />
Hate: <input type="button" value="Hate" onClick="rate(2, $_GET['page_id'])" />
</form>
回答by bfavaretto
To do that, you use javascript to issue an asyncronous call (ajax) to a php file, which in turn runs the query to update the db, and returns a response to the javascript. Then you use that response to update the user interface. It's not safe to expose the query in javascript, so make sure the query itself is in the php file.
为此,您使用 javascript 向 php 文件发出异步调用 (ajax),然后运行查询以更新数据库,并向 javascript 返回响应。然后您使用该响应来更新用户界面。在 javascript 中公开查询是不安全的,因此请确保查询本身在 php 文件中。
I personally recommend using jQuery's Ajax utilitiesfor easy, cross-browser ajax.
我个人建议使用jQuery 的 Ajax 实用程序来轻松实现跨浏览器的 ajax。
回答by Jonah
AJAX is the answer. I recommend using jQuery or Mootools to do it, they make it easier by several orders of magnitude.
AJAX 就是答案。我建议使用 jQuery 或 Mootools 来做这件事,它们使它更容易几个数量级。
Anyway, the way to do it is to set up a rating PHP script. It accepts an item and a rating via POST data, and uses that data to call the database. Be sure to check the authenticity of the user. Call this page with AJAX, passing the item/rating via POST.
无论如何,这样做的方法是设置一个评级 PHP 脚本。它通过 POST 数据接受一个项目和一个评级,并使用该数据调用数据库。请务必检查用户的真实性。使用 AJAX 调用此页面,通过 POST 传递项目/评级。
http://api.jquery.com/jQuery.post/
http://api.jquery.com/jQuery.post/
回答by genesis
Yes, you can run it from PHP file and you can call PHP file from ajax. Easy example
是的,您可以从 PHP 文件运行它,也可以从 ajax 调用 PHP 文件。简单的例子
<?php
if ($_GET['vote']){
if ($_GET['vote'] != "down" && $_GET['vote'] != "up") die('<script>alert("hacker");</script>');
include 'db.php';
mysql_query("INSERT INTO votes VALUES ('".$_GET['vote']."')");
die("<script>alert('Thanks for voting');</script>");
}
回答by user305266
html_entities() does not exist. Try htmlentities() I also found that mysql_real_escape_string{} prevented the input from being picked up.
html_entities() 不存在。尝试 htmlentities() 我还发现 mysql_real_escape_string{} 阻止了输入被拾取。
The javascript doesn't work. No way to work out why, as it does it silently, as always.
javascript 不起作用。没有办法弄清楚为什么,因为它一如既往地默默地做。
