Php 得到错误的回答
我得到了以下代码,我没有发现错误。 当我执行它时,我总是得到“无请求” $username等于Reebal,$user等于Simon Ajax/jQueryPhp 得到错误的回答,php,jquery,ajax,mysqli,Php,Jquery,Ajax,Mysqli,我得到了以下代码,我没有发现错误。 当我执行它时,我总是得到“无请求” $username等于Reebal,$user等于Simon Ajax/jQuery $("#cancel_friend").click(function(e){ var user = "<?php echo $user_username; ?>"; var type = "cancel_friend" $.ajax({ type: "POST", url:
$("#cancel_friend").click(function(e){
var user = "<?php echo $user_username; ?>";
var type = "cancel_friend"
$.ajax({
type: "POST",
url: "../system/friend_system.php",
data: {
user: user,
type: type
},
success: function(data, status){
if(data == "friend_request_canceled"){
$("#cancel_friend").css("display", "none");
}else{
$(".error_msg_container").html(data);
}
},
error: function(){
alert(data);
}
希望您能帮助我。现在在我的手机上,所以我不能很好地查看它,您的SQL查询是不安全的。使用mysqli或pdo。 您忘记了sql查询中的,下面是sql注入安全代码:
$con = new PDO("mysql:host=localhost;dbname=dbName" , "dbPassword","dbUsername"); // connecting with PDO
$query = $con->prepare("SELECT COUNT(id) FROM friends WHERE user1 = :username AND user2 = :username2 AND accepted = \"0\" LIMIT 1"); // Preparing a query
$query->bindParam(":username" , $username, PDO::PARAM_STR); // binding parameters in a safe way
$query->bindParam(":username2",$username2,PDO::PARAM_STR);
$query->execute();
$result = $query->fetchAll(); // fetching the result and putting it in result
如果不起作用,请不要评论此评论您在哪里设置
$username$con = new PDO("mysql:host=localhost;dbname=dbName" , "dbPassword","dbUsername"); // connecting with PDO
$query = $con->prepare("SELECT COUNT(id) FROM friends WHERE user1 = :username AND user2 = :username2 AND accepted = \"0\" LIMIT 1"); // Preparing a query
$query->bindParam(":username" , $username, PDO::PARAM_STR); // binding parameters in a safe way
$query->bindParam(":username2",$username2,PDO::PARAM_STR);
$query->execute();
$result = $query->fetchAll(); // fetching the result and putting it in result