我已经设置了一个脚本,在一个表中显示我的数据库的所有成员,这些成员都有所谓的“挂起点”。在该表中有一个按钮,管理员可以单击该按钮,将表中那一行中的那些挂起的点数发送给用户,并将“挂起的点数”重置为0。我已经编写了发送这些点的脚本,但它似乎没有改变任何东西,即使它确实提供了成功的消息。如有任何帮助,我们不胜感激!
这是一张可以澄清的图片:
用于发送积分的代码(sendpoints.php):
<?
include ("connect.php");
$result = mysqli_query($conn,"SELECT * FROM members WHERE pendingpoints > 0 ");
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$send = $_POST['send'];
if ($send) {
mysqli_query($conn,"UPDATE members SET points='$newpoints' WHERE
username='$username'");
mysqli_query($conn,"UPDATE members SET pendingpoints='0' WHERE
username='$username'");
$username = $row['username'];
$pendingpoints = $row['pendingpoints'];
$points = $row['points'];
$newpoints = $points + $pendingpoints;
echo "Succesfully changed points for that user";
}
?>
用于显示表的代码:
<?
include ("connect.php");
$submit = $_POST['submit'];
if ($submit) {
$result = mysqli_query($conn,"SELECT * FROM members WHERE pendingpoints > 0 ");
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
while ($row = mysqli_fetch_assoc($result))
{
$username = $row['username'];
$pendingpoints = $row['pendingpoints'];
$points = $row['points'];
$newpoints = $points + $pendingpoints;
$ip = $row['ip'];
echo "<table border='1'>
<tr>
<td><b>Username:</b></td>
<td><b>Pendingpoints:</b></td>
<td><b>IP:</b></td>
<td><b>Confirm Points:</b></td>
</tr>
<tr>
<form id='1' action='sendpoints.php' method='post'>
<td> $username </td>
<td> $pendingpoints </td>
<td> $ip </td>
<td><input type='submit' class='classname' name='send' value='Send'></form></td>
</tr>
<br> </table>";
}
}
?>
发布于 2013-12-31 02:18:20
根据我的理解,你只想把点击按钮的点数发送给特定的人,但在你的代码中,你在做其他的事情。
注意:我在表单中添加了隐藏变量,以便仅将积分发送给该特定用户
<?
include ("connect.php");
if (isset($_POST['send'])) {
$username=$_POST'username'];
$result = mysqli_query($conn,"SELECT * FROM members WHERE username='$username' ");
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$pendingpoints = $row['pendingpoints'];
$points = $row['points'];
$newpoints = $points + $pendingpoints;
$q=mysqli_query($conn,"UPDATE members SET points='$newpoints',pendingpoints=0 WHERE
username='$username'");
if($q){
echo "Succesfully changed points for that user";
}
}
?>
用于显示表的代码:
<?
include ("connect.php");
$submit = $_POST['submit'];
if ($submit) {
$result = mysqli_query($conn,"SELECT * FROM members WHERE pendingpoints > 0 ");
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
while ($row = mysqli_fetch_assoc($result))
{
$username = $row['username'];
$pendingpoints = $row['pendingpoints'];
$points = $row['points'];
$newpoints = $points + $pendingpoints;
$ip = $row['ip'];
echo "<table border='1'>
<tr>
<td><b>Username:</b></td>
<td><b>Pendingpoints:</b></td>
<td><b>IP:</b></td>
<td><b>Confirm Points:</b></td>
</tr>
<tr>
<td> $username </td>
<td> $pendingpoints </td>
<td> $ip </td>
<td><form id='1' action='sendpoints.php' method='post'><input type='submit' class='classname' name='send' value='Send'><input type='hidden' name='username' value='$username'></form></td>
</tr>
<br> </table>";
}
}
?>
发布于 2013-12-31 01:54:03
在第一个脚本中,没有定义$row
。
编辑:由于代码已更新,因此逻辑似乎不正确。您需要从$_POST拉取用户名,并在更新中使用它。
然而,有两个大问题:你没有处理像‘这样的特殊字符的转义。这会破坏表单,并打开mysql注入的安全漏洞。
https://stackoverflow.com/questions/20844736
复制相似问题