phpmyadmin我无法删除用户

时间:2018-12-31 12:48:54

标签: php html

当用户单击“删除”时,我写了一个代码,但它没有删除帐户,仅注销,我尝试在Internet上搜索,但没有找到任何帮助。 这是代码:

<?php include('server.php'); 

session_start();

if (isset($_GET['delete'])) {
    $query = "DELETE FROM `users` WHERE `username` = '$username', `password`='$password'";
    mysqli_query($db, $query);
    session_destroy();
    unset($_SESSION['username']);
    unset($_SESSION['password']);
    unset($_SESSION['money']);
    header("location: login.php");
}
?>

此代码有解决方案吗?我应该使用AND而不是逗号,因为那样行不通,也许是错误的。 $query的代码与phpmyadmin上使用的代码相同,并且在此成功。

很抱歉server.php 这是它的代码:

使用md5加密密码也不是一个好主意,我可能需要更改它。

这里是login.php,第一个代码来自此(注册按钮未正确编程):

<?php include('server.php'); 
	
	session_start();
	
	if (isset($_GET['delete'])) {
		$stmt = $db->prepare('DELETE FROM users WHERE username = ? AND password = ?');
		$stmt->bind_param('ss', $_SESSION['username'], $_SESSION['password']); // 's' specifies the variable type => 'string'
		$stmt->execute();
		session_destroy();
		unset($_SESSION['username']);
		unset($_SESSION['password']);
		unset($_SESSION['money']);
		header("location: login.php");
	}
?>
<!DOCTYPE html>
<html>
<head>
	<title>Login</title>
	<link rel="stylesheet" type="text/css" href="style.css">
	<script>
		function register() {
			header("location: register.php");
		}
	</script>
</head>
<body>
	</br>
	</br>
	</br>
	</br>
	</br>
	</br>
	</br>
	</br>
	
	<form method="post" action="login.php" align="center">

		<?php include('errors.php'); ?>

		<div class="input-group">
			<label>Username</label>
			<input type="text" name="username" >
		</div>
		<div class="input-group">
			<label>Password</label>
			<input type="password" name="password">
		</div>
		<br/>
		<div class="input-group">
			<button type="submit" class="btn" name="login_user">Login</button>
		</div>
		<p></p></br>
		<p>
			<small class="input-group"> Not yet a member? </small> <button type="button" class="btn2" onclick="register()" name="register">Register</button>
		</p>
	</form>

</body>
</html>

这是register.php:

<?php include('server.php') ?>
<!DOCTYPE html>
<html>
<head>
	<title>Registration system PHP and MySQL</title>
	<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
	</br></br></br></br></br></br></br>
	<div class="header">
		<h2>Register</h2>
	</div>
	
	<form method="post" action="register.php">

		<?php include('errors.php'); ?>

		<div class="input-group">
			<label>Username</label>
			<input type="text" name="username" value="<?php echo $username; ?>">
		</div>
		<div class="input-group">
			<label>Email</label>
			<input type="email" name="email" value="<?php echo $email; ?>">
		</div>
		<div class="input-group">
			<label>Password</label>
			<input type="password" name="password_1">
		</div>
		<div class="input-group">
			<label>Confirm password</label>
			<input type="password" name="password_2">
		</div>
		<div class="input-group">
			<button type="submit" class="btn" name="reg_user">Register</button>
		</div>
		<p>
			Already a member? <a href="login.php">Sign in</a>
		</p>
	</form>
</body>
</html>

这是errors.php:

<?php  if (count($errors) > 0) : ?>
	<div class="error">
		<?php foreach ($errors as $error) : ?>
			<p><?php echo $error ?></p>
		<?php endforeach ?>
	</div>
<?php  endif ?>

这是index.php:

<?php 
	session_start(); 

	if (!isset($_SESSION['username'])) {
		$_SESSION['msg'] = "You must log in first";
		header('location: login.php');
	}

	if (isset($_GET['logout'])) {
		session_destroy();
		unset($_SESSION['username']);
		unset($_SESSION['password']);
		unset($_SESSION['money']);
		header("location: login.php");
	}
	
?>
<!DOCTYPE html>
<html>
<head>
	<title>Home</title>
	<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
	<div class="content">

		<!-- notification message -->
		<?php if (isset($_SESSION['success'])) : ?>
			<div class="error success" >
				<h3>
					<?php 
						echo $_SESSION['success']; 
						unset($_SESSION['success']);
					?>
				</h3>
			</div>
		<?php endif ?>

		<!-- logged in user information -->
		<?php  if (isset($_SESSION['username'])) : ?>
			<p>Welcome <strong><?php echo $_SESSION['username']; ?></strong></p>
			<p> <a href="index.php?logout='1'" style="color: red;">logout</a> </p>
			<p> <a href="login.php?delete='1'" style="color: red;">delete</a> </p>
		<?php endif ?>
	</div>
		
</body>
</html>

1 个答案:

答案 0 :(得分:0)

在不知道server.php的内容的情况下,我看到一些错误。首先,您的代码容易受到SQL注入的攻击。关于SO的讨论有几个主题,请读一个here

从代码开始-$db$username$password未定义。从下一行猜测,它必须是$_SESSION['username']$_SESSION['password']

此外,SQL对我而言似乎无效,但这是我不确定的一件事-根据我的大脑,应该是

$stmt = $db->prepare('DELETE FROM users WHERE username = ? AND password = ?');
$stmt->bind_param('ss', $_SESSION['username'], $_SESSION['password']); // 's' specifies the variable type => 'string'
$stmt->execute();

我也希望您不要以明文形式存储密码。

相关问题
最新问题