首先,您需要验证输入,并且您的代码可以运行到

sql injection.检查

How to prevent SQL injection in PHP?

07002. They are no longer maintained 07003. Learn about 07004 instead, and use 07005 or 07006

所以考虑到这一点,这里有一个PDO脚本完成同样的事情,我意识到它的时间更长,但如果需要你可以将它作为一个类使用,因为这只是一个例子.

// create connection to database

$conn = new PDO('mysql:dbname=DATABASE_NAME;host=localhost;port=3306', USERNAME, PASSWORD);

// prepare query

$pdo = $conn->prepare("UPDATE ss_character SET location = :location WHERE id = :session_id");

// set up parameters

$params = ['location' => (int)$_POST['location'], 'session_id' => $_SESSION['id']];

// loop through the paramaters to determine the type

foreach ($params as $key => $value) {

switch ($value) {

case is_int($value):

$param = PDO::PARAM_INT;

break;

case is_bool($value):

$param = PDO::PARAM_BOOL;

break;

case is_null($value):

$param = PDO::PARAM_NULL;

break;

default:

$param = PDO::PARAM_STR;

break;

}

// bind paramter to query

$pdo->bindValue(":$key", $value, $param);

}

// execute the query

$result = $pdo->execute($params);

// echo result for ajax

echo ($result) ? true : false;

你会想要一些jQuery来做你的ajaxing所以页面不会被迫重新加载

function updatePlayerLocation(location) {

// ensure location is numeric or stop

if !isNaN(location) return false;

// update location via ajax

$.ajax({

url: 'http://your_url/to/php/script.php',

type: 'POST',

data: 'location=' + location,

success: function(data) {

// log result to console for error trapping purposes

console.log(data);

}

});

// stop link from being processed

return false;

}

HTML当然包括jQuery,上面的脚本和至少一个链接：

Location name