我有一个 somefile.php 和 someotherfile.js ,其代码如下
javascript file
function deleteSelectedRow() {
return (confirm('Are you sure you want to delete this record))
};<!DOCTYPE html>
<html lang=" en">
<head>
<title> Title </title>
</head>
<body>
<h1>Select the user to delete from the list below </h1>
<form action="" method="POST">
<?php
if(require_once('../SQL/mySQL_connect.php'))
{
$query = "SELECT id, FirstName, LastName, PhoneNumber FROM participants ORDER BY id ASC";
$userDetails = @mysqli_query($mysqli, $query);
}
else
{
echo "Couldn't connect to database";
echo mysqli_error($mysqli);
}
// mysqli_close($mysqli);
?>
<br><br><br>
<table name="userDetailsTable" id="userDetailsTable" align="left" cellspacing="7" cellpadding="8">
<tr>
<td align="center"><b>S No</b></td>
<td align="center"><b>Id</b></td>
<td align="center"><b>Rank</b></td>
<td align="center"><b>First Name</b></td>
<td align="center"><b>Last Name</b></td>
</tr>
<?php
for($i = 1; $i <= mysqli_num_rows($userDetails); $i++)
// while($row=mysqli_fetch_array($userDetails))
{
$row=mysqli_fetch_array($userDetails);
echo '<tr>
<td align ="center" >'. $i .'</td>
<td align ="center" >' . $row['id'] . '</td>
<td align ="center">' . $row['Rank'] . '</td>
<td align ="center">' . $row['FirstName'] . '</td>
<td align ="center">' . $row['LastName'] . '</td>
<td align ="center"> <input type = submit name="delete" value="delete" onclick="return deleteSelectedRow();" ></input></td>';
echo '</tr>';
}
?>
</table>
</form>
<?php
if(isset($_POST['delete']))
{
require_once('../SQL/mySQL_connect.php');
$query="DELETE FROM `participants` WHERE `participants`.`id` = ".$_POST['IDNumber']."";
$response = @mysqli_query($mysqli, $query);
if($response)
{
echo "Deleted from Database Successfully";
}
else
{
echo "Couldn't Delete from database";
echo'<br>';
echo mysqli_error($mysqli);
}
mysqli_close($mysqli);
}
?>
</body>
此代码的作用如下
我想做的是,显示成功消息后,上述打印的表格应自动更新,以便确认用户ID不再存在于表格中
我尝试了以下解决方案
重新加载页面,以便用户也可以看到成功消息以及更新的表(因为重新加载将重新连接到数据库并重新获取表)
我尝试使用“ location.reload(true)”命令,但我不知道该行的位置,以便在显示成功消息之前就执行该行。
非常感谢您的帮助
答案 0 :(得分:2)
几件事:
1)您希望删除操作成为您在页面上进行的第一件事(如果它是表单提交),因为否则,您将打印“预删除”表。
2)您需要通过表单中的post传递ID。如果只为每一行都具有唯一性,并为每行都具有隐藏的ID输入,则会更容易。
3)确认最好附加在表单提交事件上,因为否则您将错过其他非单击输入法。
4)正如您在问题中所写的那样,您的删除操作容易受到SQL Injection攻击。您将要转义该POST值。
类似下面的方法应该起作用
javascript file
function deleteSelectedRow() {
return (confirm('Are you sure you want to delete this record))
};<?php
$message = '';
$connected = false;
if(require_once('../SQL/mySQL_connect.php'))
{
$connected = true;
}
if($connected && isset($_POST['delete']))
{
$id_to_delete = mysqli_real_escape_string($mysqli, $_POST['IDNumber']);//escape value to prevent sql injection attack
$query="DELETE FROM `participants` WHERE `participants`.`id` = ".$id_to_delete."";
$response = @mysqli_query($mysqli, $query);
if($response)
{
$message = "Deleted from Database Successfully";
}
else
{
$message = "Couldn't Delete from database";
$message .='<br>';
$message .= mysqli_error($mysqli);
}
//mysqli_close($mysqli);
}else{
$message = "unable to connect to database";
}
?><!DOCTYPE html>
<html lang=" en">
<head>
<title> Title </title>
</head>
<body>
<h1>Select the user to delete from the list below </h1>
<?php
if($connected)
{
$query = "SELECT id, FirstName, LastName, PhoneNumber FROM participants ORDER BY id ASC";
$userDetails = @mysqli_query($mysqli, $query);
}
else
{
echo "Couldn't connect to database";
echo mysqli_error($mysqli);
}
?>
<br><br><br>
<?php if($message){ /* do we have a success/error message from the delete operation? */ ?>
<p><?php echo $message; ?></p>
<?php } ?>
<table name="userDetailsTable" id="userDetailsTable" align="left" cellspacing="7" cellpadding="8">
<tr>
<td align="center"><b>S No</b></td>
<td align="center"><b>Id</b></td>
<td align="center"><b>Rank</b></td>
<td align="center"><b>First Name</b></td>
<td align="center"><b>Last Name</b></td>
</tr>
<?php
for($i = 1; $i <= mysqli_num_rows($userDetails); $i++)
// while($row=mysqli_fetch_array($userDetails))
{
$row=mysqli_fetch_array($userDetails);
echo '<tr>
<td align ="center" >'. $i .'</td>
<td align ="center" >' . $row['id'] . '</td>
<td align ="center">' . $row['Rank'] . '</td>
<td align ="center">' . $row['FirstName'] . '</td>
<td align ="center">' . $row['LastName'] . '</td>
<td align ="center"> <form action="" method="POST" onsubmit="return deleteSelectedRow();"><input type="hidden" name="IDNumber" value="'.$row['id'].'" /><input type = submit name="delete" value="delete"></form></td>';
echo '</tr>';
}
?>
</table>
<?php if($connected){
mysqli_close($mysqli);
} ?>
</body>
答案 1 :(得分:1)
您需要将成功/错误消息存储在$_SESSION["flash"]中,而不是通过echo显示,并且删除用户后,您必须重定向到同一页面。
在页面顶部,如果设置了$_SESSION["flash"],则可以显示该消息并将其从会话中删除。在代码中:
if(isset($_POST['delete']))
{
require_once('../SQL/mySQL_connect.php');
$query="DELETE FROM `participants` WHERE `participants`.`id` = ".$_POST['IDNumber']."";
$response = @mysqli_query($mysqli, $query);
if($response)
{
$_SESSION["flash"] = "Deleted from Database Successfully";
}
else
{
$_SESSION["flash"] = "Couldn't Delete from database";
//echo'<br>';
//echo mysqli_error($mysqli);
}
mysqli_close($mysqli);
header('Location: '.$_SERVER['PHP_SELF']);
}
并且位于isset($_POST['delete'])之前的页面顶部:
if(isset($_SESSION["flash"])){
echo $_SESSION["flash"];
unset($_SESSION["flash"]);
}
请不要忘记页面顶部的start_session()。
我会注意到您的代码具有SQL注入漏洞。如果不验证GET和POST输入数据,则不应执行MySQL查询。