<p>Firstly, you need to validate input and your code is vulnerable to <a href="http://en.wikipedia.org/wiki/SQL_injection" rel="nofollow noreferrer"><strong>SQL injection</strong></a>. Check <a href="https://stackoverflow.com/questions/60174/how-to-prevent-sql-injection-in-php"><strong>How to prevent SQL injection in PHP?</strong></a></p>
<blockquote> <p><a href="https://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php/14110189#14110189"><strong>Please, don't use <code>mysql_*</code> functions in new code</strong></a>. They are no longer maintained <a href="https://wiki.php.net/rfc/mysql_deprecation" rel="nofollow noreferrer">and are officially deprecated</a>. Learn about <a href="http://j.mp/T9hLWi" rel="nofollow noreferrer"><em>prepared statements</em></a> instead, and use <a href="http://php.net/pdo" rel="nofollow noreferrer">PDO</a> or <a href="http://php.net/mysqli" rel="nofollow noreferrer">MySQLi</a>.</p> </blockquote>
<p>So with that in mind, here is a PDO script which does the exact same thing, and I realise it's way longer, but you can use it as a class if needed as this is an example only.</p>
<pre><code>&lt;?php
// start the session so $_SESSION['id'] is available
session_start();

// create connection to database
$conn = new PDO('mysql:dbname=DATABASE_NAME;host=localhost;port=3306', USERNAME, PASSWORD);

// prepare query
$pdo = $conn-&gt;prepare("UPDATE ss_character SET location = :location WHERE id = :session_id");

// set up parameters
$params = ['location' =&gt; (int)$_POST['location'], 'session_id' =&gt; $_SESSION['id']];

// loop through the parameters to determine the type
foreach ($params as $key =&gt; $value) {
    // switch (true) runs the first case whose type check passes
    switch (true) {
        case is_int($value):
            $param = PDO::PARAM_INT;
            break;
        case is_bool($value):
            $param = PDO::PARAM_BOOL;
            break;
        case is_null($value):
            $param = PDO::PARAM_NULL;
            break;
        default:
            $param = PDO::PARAM_STR;
            break;
    }
    // bind parameter to query
    $pdo-&gt;bindValue(":$key", $value, $param);
}

// execute the query; the values are already bound, and passing $params
// here would rebind them all as strings
$result = $pdo-&gt;execute();

// echo result for ajax
echo ($result) ? true : false;
</code></pre>
<p>And you will want some jQuery to do your ajaxing so the page isn't forced to reload</p>
<pre><code>&lt;script&gt;
function updatePlayerLocation(location) {
    // ensure location is numeric or stop
    if (isNaN(location)) return false;

    // update location via ajax
    $.ajax({
        url: 'http://your_url/to/php/script.php',
        type: 'POST',
        data: 'location=' + location,
        success: function(data) {
            // log result to console for error trapping purposes
            console.log(data);
        }
    });

    // stop link from being processed
    return false;
}
&lt;/script&gt;
</code></pre>
<p>The HTML would of course include <a href="http://jquery.com/" rel="nofollow noreferrer">jQuery</a>, the script above and at least one link:</p>
<pre><code>&lt;a href="#" onclick="return updatePlayerLocation(0);"&gt;Location name&lt;/a&gt;&lt;br /&gt;
</code></pre>
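<p>An added example, not part of the original answer: the same UPDATE built by string concatenation beside the validated, bound form, run against a constructed in-memory SQLite table. It assumes the pdo_sqlite extension; the function names and the 0 to 99 location range are hypothetical.</p>

```php
<?php
// Added example: constructed rows in an in-memory SQLite database (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ss_character (id INTEGER PRIMARY KEY, location INTEGER NOT NULL)');
$db->exec('INSERT INTO ss_character (id, location) VALUES (1, 0), (2, 0), (3, 0)');

// Unsafe form (hypothetical name): the request value becomes part of the SQL text.
function updateByConcatenation(PDO $db, string $location, int $sessionId): int
{
    return $db->exec("UPDATE ss_character SET location = $location WHERE id = $sessionId");
}

// Hardened form (hypothetical name): validate first, then bind typed values.
// The 0..99 range is an assumed rule; use the application's real location ids.
function updateByBinding(PDO $db, string $location, int $sessionId): ?int
{
    $valid = filter_var($location, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 99]]);
    if ($valid === false) {
        return null; // rejected before any SQL runs
    }
    $stmt = $db->prepare('UPDATE ss_character SET location = :location WHERE id = :session_id');
    $stmt->bindValue(':location', $valid, PDO::PARAM_INT);
    $stmt->bindValue(':session_id', $sessionId, PDO::PARAM_INT);
    $stmt->execute(); // no array argument, so the explicit types are kept
    return $stmt->rowCount();
}

// Current location of every character, keyed by id.
function locations(PDO $db): array
{
    return $db->query('SELECT id, location FROM ss_character ORDER BY id')
              ->fetchAll(PDO::FETCH_KEY_PAIR);
}

// Constructed input: the SQL comment marker would cut off the WHERE clause.
$malformed = '7 --';

var_dump(updateByBinding($db, '5', 1));        // valid input: only the session's row changes
var_dump(updateByBinding($db, $malformed, 1)); // fails integer validation, nothing is executed
print_r(locations($db));

var_dump(updateByConcatenation($db, $malformed, 1)); // same input rewrites every row
print_r(locations($db));
```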
 
