我对mysql db真的很不好，需要帮助。

我需要从表中输入数据UPDATE表旧值+输入中的新数据。

这是我的PHP代码，我需要更改

<?php
$data = json_decode(file_get_contents("php://input"));
$zm = mysql_real_escape_string($data->zlatni_medvjed);
$ck = mysql_real_escape_string($data->crna_kraljica);
$gv = mysql_real_escape_string($data->gricka_vjestica);
$dk = mysql_real_escape_string($data->dva_klasa);

mysql_connect("localhost","root","");
mysql_select_db("medvedgrad");
mysql_query(" INSERT INTO stanje_piva(`zlatni_medvjed`, `crna_kraljica`, `gricka_vjestica`,`dva_klasa`)
VALUES('{$zm}','{$ck}','{$gv}','{$dk}') ");
?>

您确实应该通过使用带有准备好的语句的MySQLi或PDO来保护代码。就是说，您的问题是在打开连接之前使用mysql_real_escape_string()。

从mysql_real_escape_string()的manual


  在没有MySQL连接的情况下执行此功能也会发出E_WARNING级PHP错误。仅在存在有效的MySQL连接的情况下执行此功能。


这意味着您应该将连接放在文件之上，

mysql_connect("localhost","root","");
mysql_select_db("medvedgrad");

$data = json_decode(file_get_contents("php://input"));
$zm = mysql_real_escape_string($data->zlatni_medvjed);
$ck = mysql_real_escape_string($data->crna_kraljica);
$gv = mysql_real_escape_string($data->gricka_vjestica);
$dk = mysql_real_escape_string($data->dva_klasa);

mysql_query(...);

error_reporting(E_ALL);
ini_set('display_errors', 1);

$mysql_host = "localhost";
$mysql_username = "root";
$mysql_password = "";
$mysql_database = "medvedgrad";

// First we create the connection
$pdo = new PDO("mysql:host=".$mysql_host .";dbname=".$mysql_database .";charset=utf8", $mysql_username, $mysql_password);
$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$data = json_decode(file_get_contents("php://input"));
$zm = $data->zlatni_medvjed;
$ck = $data->crna_kraljica;
$gv = $data->gricka_vjestica;
$dk = $data->dva_klasa;

// Then we prepare, and execute the query
$stmt = $pdo->prepare("INSERT INTO stanje_piva (`zlatni_medvjed`, `crna_kraljica`, `gricka_vjestica`, `dva_klasa`) VALUES (:zm, :ck, :gv, :dk)");
$stmt->execute(array("zm" => $zm, "ck" => $ck, "gv" => $gv, "dk" => $dk));