LeonMMcoset/leonapp
1
1
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects 1 Releases 1 Wiki Activity

fix: 移除不存在的platform列查询条件

Browse Source 
移除SQL查询中关于apps.platform的条件,因为该列在数据库中不存在。同时优化了评论加载的分页逻辑,使用预处理语句防止SQL注入。
This commit is contained in:
Leonmmcoset
2025-07-08 21:44:46 +08:00
parent 2cce1b6201
commit bb509ca9f9
3 changed files with 25 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
api.php
View File

@@ -28,7 +28,7 @@ if (isset($_GET['action'])) {
// 处理应用列表请求 // 处理应用列表请求
if ($action === 'list' && $requestMethod === 'GET') { if ($action === 'list' && $requestMethod === 'GET') {
$sql = "SELECT apps.id, apps.name, apps.description, apps.age_rating, apps.platform, AVG(reviews.rating) as avg_rating $sql = "SELECT apps.id, apps.name, apps.description, apps.age_rating, AVG(reviews.rating) as avg_rating
FROM apps FROM apps
LEFT JOIN reviews ON apps.id = reviews.app_id"; LEFT JOIN reviews ON apps.id = reviews.app_id";
@@ -48,7 +48,7 @@ if (isset($_GET['action'])) {
// 平台过滤 // 平台过滤
if (isset($_GET['platform'])) { if (isset($_GET['platform'])) {
$platform = $_GET['platform']; $platform = $_GET['platform'];
$conditions[] = "apps.platform = ?"; // Removed platform condition - column does not exist
$stmtParams[] = &$platform; $stmtParams[] = &$platform;
$paramTypes .= 's'; $paramTypes .= 's';
} }
@@ -79,7 +79,7 @@ if (isset($_GET['action'])) {
} }
// 添加分页 // 添加分页
$sql .= " GROUP BY apps.id, apps.name, apps.description, apps.age_rating, apps.platform ORDER BY apps.created_at DESC LIMIT ? OFFSET ?"; $sql .= " GROUP BY apps.id, apps.name, apps.description, apps.age_rating ORDER BY apps.created_at DESC LIMIT ? OFFSET ?";
$stmtParams[] = &$limit; $stmtParams[] = &$limit;
$stmtParams[] = &$offset; $stmtParams[] = &$offset;
$paramTypes .= 'ii'; $paramTypes .= 'ii';
@@ -137,11 +137,11 @@ if (isset($_GET['action'])) {
$appId = $_GET['id']; $appId = $_GET['id'];
error_log("Requesting app details for ID: $appId"); error_log("Requesting app details for ID: $appId");
$sqlApp = "SELECT apps.id, apps.name, apps.description, apps.age_rating, apps.platform, apps.created_at, AVG(reviews.rating) as avg_rating $sqlApp = "SELECT apps.id, apps.name, apps.description, apps.age_rating, apps.created_at, AVG(reviews.rating) as avg_rating
FROM apps FROM apps
LEFT JOIN reviews ON apps.id = reviews.app_id LEFT JOIN reviews ON apps.id = reviews.app_id
WHERE apps.id = ? WHERE apps.id = ?
GROUP BY apps.id, apps.name, apps.description, apps.age_rating, apps.platform, apps.created_at"; GROUP BY apps.id, apps.name, apps.description, apps.age_rating, apps.created_at";
$stmt = $conn->prepare($sqlApp); $stmt = $conn->prepare($sqlApp);
$stmt->bind_param("i", $appId); $stmt->bind_param("i", $appId);
$stmt->execute(); $stmt->execute();

25
app.php
View File

@@ -31,6 +31,18 @@ if (!$app) {
// 处理评价加载请求 // 处理评价加载请求
if (isset($_GET['action']) && $_GET['action'] === 'load_reviews') { if (isset($_GET['action']) && $_GET['action'] === 'load_reviews') {
header('Content-Type: text/html; charset=UTF-8'); header('Content-Type: text/html; charset=UTF-8');
// 获取评论数据
$sqlReviews = "SELECT * FROM reviews WHERE app_id = ? ORDER BY created_at DESC, id DESC LIMIT 10 OFFSET ?";
$stmt = $conn->prepare($sqlReviews);
$offset = isset($_GET['offset']) ? intval($_GET['offset']) : 0;
$stmt->bind_param("ii", $appId, $offset);
$stmt->execute();
$resultReviews = $stmt->get_result();
if (!$resultReviews) {
die("Error fetching reviews: " . htmlspecialchars($conn->error));
}
while ($review = $resultReviews->fetch_assoc()) { while ($review = $resultReviews->fetch_assoc()) {
?> ?>
<div class="card mb-3 blur-bg"> <div class="card mb-3 blur-bg">
@@ -77,7 +89,7 @@ $offset = ($page - 1) * $limit;
$hasMore = ($page * $limit) < $reviewCount; $hasMore = ($page * $limit) < $reviewCount;
// 获取评价信息 // 获取评价信息
$sqlReviews = "SELECT * FROM reviews WHERE app_id = $appId ORDER BY created_at DESC LIMIT $limit OFFSET $offset"; $sqlReviews = "SELECT * FROM reviews WHERE app_id = $appId ORDER BY created_at DESC, id DESC LIMIT 10 OFFSET $offset";
$resultReviews = $conn->query($sqlReviews); $resultReviews = $conn->query($sqlReviews);
// 获取评分分布 // 获取评分分布
@@ -266,13 +278,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['rating'])) {
if (loadMoreBtn) { if (loadMoreBtn) {
loadMoreBtn.addEventListener('click', function() { loadMoreBtn.addEventListener('click', function() {
const button = this; const button = this;
const page = button.getAttribute('data-page'); const page = parseInt(button.getAttribute('data-page'));
const appId = <?php echo $appId; ?>; const offset = (page - 1) * 10;
const appId = <?php echo $appId; ?>;
button.innerHTML = '<i class="fas fa-spinner fa-spin"></i> 加载中...'; button.innerHTML = '<i class="fas fa-spinner fa-spin"></i> 加载中...';
button.disabled = true; button.disabled = true;
fetch(`app.php?id=${appId}&page=${page}&action=load_reviews`) fetch(`app.php?id=${appId}&offset=${offset}&action=load_reviews`)
.then(response => response.text()) .then(response => response.text())
.then(html => { .then(html => {
if (html.trim() === '') { if (html.trim() === '') {
@@ -280,9 +293,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['rating'])) {
return; return;
} }
document.getElementById('reviews-container').insertAdjacentHTML('beforeend', html); document.getElementById('reviews-container').insertAdjacentHTML('beforeend', html);
button.setAttribute('data-page', parseInt(page) + 1);
button.innerHTML = '加载更多'; button.innerHTML = '加载更多';
button.disabled = false; button.disabled = false;
button.setAttribute('data-page', parseInt(page) + 1);
}) })
.catch(error => { .catch(error => {
console.error('加载评价失败:', error); console.error('加载评价失败:', error);

2
index.php
View File

@@ -239,7 +239,7 @@ if (!isset($conn) || !$conn instanceof mysqli) {
// 平台筛选 // 平台筛选
if (!empty($_GET['platform'])) { if (!empty($_GET['platform'])) {
$conditions[] = "apps.platform = ?"; // Removed platform condition - column does not exist
$platform = $_GET['platform']; $platform = $_GET['platform'];
$params[] = &$platform; $params[] = &$platform;
$paramTypes .= 's'; $paramTypes .= 's';