PHP MYSQL:每次在浏览器中加载页面时增加视图列的正确代码
我正在尝试在我的图书网站上创建一个“视图”系统。
我有以下表格,其中包含以下列:
Books
-bookid
-bookname
-authorid
-views
我的网页设置为显示基于 $_GET['bookid'] 变量的书籍,我想添加 1(增加 views 针对该特定书籍的一列)
我尝试使用以下代码,但它没有更新我的表:
<?php $sql = "UPDATE `books` \n" . "SET views = views+1 WHERE" . $_GET['bookid'] .= "bookid"; ?>
另外:我使用 dreamweaver 来运行记录集查询)所以也许有些不同。
请帮忙!
旁注:您能为像我这样的绝对初学者推荐一本学习 php 和 mysql 的好书/视频或书面教程吗!
I am trying to create a "views" system on my books website.
I have the following tables with the following columns:
Books
-bookid
-bookname
-authorid
-views
my webpage is set up to display a book based on the $_GET['bookid'] variable and I want to add 1 (increment the views column by one for that particular book)
I tried using the following code but it didn't update my table:
<?php $sql = "UPDATE `books` \n" . "SET views = views+1 WHERE" . $_GET['bookid'] .= "bookid"; ?>
ALSO: I used dreamweaver to run the recordset query) so maybe something is different.
Please Help!
Sidenote: Can you please recommend a good book/video or written tutorial to learn php and mysql for absolute beginners like my self!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
这很重要:不要在 SQL 查询中直接包含 $_GET 参数。
这会使您的网站容易受到 SQL 注入攻击。通过使用以下方式清理您的输入:
您显然需要执行该查询,您正在这样做吗?
编辑:
另外,只是一个提示,因为您使用的是
$_GET,所以您应该执行类似yourscript.php?book_id=12345的内容,这就是您正在做的事情吗?This is important: don't include $_GET paramaters directly in your SQL query.
This makes your website vulnerable to an SQL Injection attack. Sanatise your inputs by using:
You obviously need to execute that query, are you doing that?
EDIT:
Also, just a tip, since you're using
$_GETyou should be executing something likeyourscript.php?book_id=12345, is that what you're doing?您已经找到了一些学习 PHP 的最佳方法:编写代码,当您不了解更多信息时来到这里:)(除此之外,我手上没有真正好的教程;)
至于你的问题:
$_GET['bookid']的值,$sql的值,哦,等等。
你实际上并没有在代码中执行sql,只是用查询生成一个字符串。您需要打开连接等,还是您正在这样做并将其留在这里?
you've already found some of the best ways to learn PHP: writing code and coming here when you don't know further :) (don't have a real good tutorial on my hands beyond that ;)
As for your question:
$_GET['bookid']$sqloh wait.
you're not actually executing the sql in your code, just generating a string with the query. you need to open a connection etc, or are you doing that and leaving it out here?
你的查询看起来有点不对劲。试试这个:
$sql = '更新书籍 SET 视图 = 视图+1 WHERE bookid = ' . intval($_GET['book_id']);
Your query looks slightly off. Try this:
$sql = 'UPDATE books SET views = views+1 WHERE bookid = ' . intval($_GET['book_id']);