我在检查更新 PostgreSQL 中的表的条件时遇到此问题。它必须检查用户是否下载过一次,如果是,则在
acessos<?php
$result2 = pg_query("SELECT * from downloads WHERE (nome = $_POST[nome_download] AND email = $_POST[email_download])");
if (pg_num_rows($result2) == 0){
$result = pg_query("INSERT INTO downloads (nome, email, estado, arquivo, acessos) VALUES ('$_POST[nome_download]','$_POST[email_download]','$_POST[estado_download]','$_SESSION[nome_arquivo_download]','1')");
}else{
$arr[acessos] = $arr[acessos] + 1;
$result = pg_query("UPDATE downloads SET acessos = $arr[acessos] WHERE (nome = $_POST[nome_download] AND email = $_POST[email_download])");
}
if (!$result){
echo "Não foi possível realizar o cadastro. Tente fazer o download mais tarde.";
}
else
{
echo "soft_bd";
pg_close();
}
?>
您指的是
$arracessos您也完全接受SQL注入。请改用准备好的语句。
自 Postgres 9.5 (!) 起,您可以使用 UPSERT 实现在单个语句中完成此操作
INSERT ... ON CONFLICT ... DO UPDATEUNIQUEPRIMARY KEY(nome, email)$sql = 'INSERT INTO downloads AS d (nome, email, estado, arquivo, acessos)
VALUES ($1, $2, $3, $4, 1)
ON CONFLICT ON (nome, email) DO UPDATE
SET acessos = excluded.acessos + 1';
pg_preparepg_executepg_query_paramspg_query_params($sql, array($_POST[nome_download]
, $_POST[email_download]
, $_POST[estado_download]
, $_SESSION[nome_arquivo_download]));