+----------------+-----------+
|name(varchar)PK |money(int) |
+----------------+-----------+
我怎么能制定一个查询,以便它可以:查询插入或如果需要更新记录
1.Be能够插入的名称和货币价值
2.如果说名字已经存在,它应该只通过增加它的值和它从表单中获得的值来更新钱列。 尝试使用:
REPLACE INTO practable SET name = '$name', money = 'money' + $amount
它满足第一个要求,但在更新钱列它只是取代了旧的价值用新的,不添加它们。
下面是完整的代码(草案版本):
<?php
//This script by another form which takes the amount and name paramters from user
if(!empty($_GET['nameg']) && !empty($_GET['amountg'])){
$user="root";
$pass="password";
$db="practice";
$name=$_GET['nameg'];
$amount=$_GET['amountg'];
mysql_connect('localhost',$user,$pass) or die("Connection Failed!, " . mysql_error());
$query="REPLACE INTO practable SET name = '$name', given = 'given' + $amount";
mysql_select_db($db) or die("Couldn't connect to Database, " . mysql_error());
mysql_query($query) or die("Couldn't execute query! ". mysql_error());
mysql_close() or die("Couldn't disconnect!");
}
?>
您试过了: REPLACE INTO实际SET name ='$ name',money = SUM(money,$ amount) 顺便说一下。你的代码非常危险!它允许SQL注入攻击。 – 2012-03-17 19:56:58
请阅读SQL注入...请参阅:http://stackoverflow.com/questions/332365/xkcd-sql-injection-please-explain – Johan 2012-03-17 20:01:59
我知道,这是草稿版本:)谢谢反正! – tutak 2012-03-17 20:09:05