我正在尝试从我的表单中删除多个值(它是一个汽车租赁系统,我想让员工能够从记录中删除一辆汽车)。我是PHP的新手,但这就是我现在所拥有的。
<?php
$link = mysql_connect ("xxxx", "xxxx", "xxxx");
mysql_select_db ("xxxx");
$query = "SELECT * from car";
$result = mysql_query ($query);
echo ("<form action=\"deleting2.php\" method=\"GET\">");
echo "<table id = 'table-3'>";
echo "<thead>";
echo "<th>Car ID</th>
<th>Car Name</th>
<th>Fuel Type</th>
<th>Transmission</th>
<th>Engine Size</th>
<th>Doors</th>
<th>Total</th>
<th>Available</th>
<th>Date Added</th>
<th>Delete</th> ";
echo "</thead>";
for ($i = 0; $i < mysql_num_rows ($result); $i ++)
{
$row = mysql_fetch_object ($result);
echo "<tbody>";
echo "<tr>";
echo "<td>$row->ID</td>";
echo "<td>$row->CARNAME</td>";
echo "<td>$row->FUELTYPE</td>";
echo "<td>$row->TRANSMISSION</td>";
echo "<td>$row->ENGINE_SIZE</td>";
echo "<td>$row->DOORS</td>";
echo "<td>$row->TOTAL</td>";
echo "<td>$row->AVAILABLE</td>";
echo "<td>$row->DATEADDED</td>";
echo "<td><input type='checkbox' name='delete[]' value='$row->ID' /></td>";
echo "</tr>";
echo "</tbody>";
}
echo ("<tr><td colspan='6' align='center'><input type=\"submit\" value=\"Delete \"></td> </tr></table></form>");
echo "</table>";
mysql_close ($link);
?>
现在,当我按下删除按钮时,它会转到我的php页面,名为'deletion2.php',如表单操作中所述,其中包含以下代码:
<?php
$link = mysql_connect ("xxxx", "xxxx", "xxxx");
mysql_select_db ("xxxx");
$ID='$_GET[ID]';
// DELETE ANY RECORDS IN DATABASE
for ($i = 0; $i < @mysql_num_rows ($result); $i ++)
{
if(isset($_GET['delete[]']) && $_GET['delete[]']=='$row->ID');
{
$query=("DELETE FROM car WHERE ID='$_POST[ID]'");
$result1 = mysql_query($query);
}
}
mysql_close ($link);
?>
问题是,它不会从我的数据库中删除任何内容。处理deletion2.php时,地址栏中的URL为:
http://www.computing.northampton.ac.uk/~11430900/a1/webpages/deleting2.php?delete[]=6
根据我的知识,选择票证的值。在这里,我检查了相应的ID值为6的框。因此,复选框DOES工作,它只是对数据库没有任何作用,不删除值。我尝试了很多教程,但我无法使用复选框删除它。任何帮助将不胜感激。
答案 0 :(得分:1)
您不需要按照问题中提到的跟随循环进行评估
for ($i = 0; $i < @mysql_num_rows ($result); $i ++)
{
if(isset($_GET['delete[]']) && $_GET['delete[]']=='$row->ID');
{
$query=("DELETE FROM car WHERE ID='$_POST[ID]'");
$result1 = mysql_query($query);
}
}
mysql_close ($link);
仅限于以下内容。
将您的表单方法更改为POST。
使用以下代码。由于$ _POST ['delete']将是一个数组
,因此必须使用implodeif(isset($_POST['delete']) && count($_POST['delete']) > 0) {
$query=("DELETE FROM car WHERE ID in ('".implode(',',$_POST['delete'])."')");
$result1 = mysql_query($query);
}
答案 1 :(得分:0)
您的数据需要清理,但如果您希望ID为数字,则此选项应该正常:
$id = (int)$_GET['ID'];
$query=("DELETE FROM car WHERE ID=$id");
您确实需要查看代码中剩余的SQL injection次攻击。
答案 2 :(得分:0)
首先,在实现数据库条目删除时要非常小心,因为最终可能会出现空数据库。
其次,请始终清理您的输入以阻止SQL Injection
。
第三,学习PDO
或至少mysqli_*
函数而不是mysql_
因为它们现在已被弃用,并且可以在任何下一个PHP版本中删除。
现在,对于您的问题,您正在将ID值设置为delete[]
数组值,这意味着您应该这样做:
// DELETE THE DESIRED RECORDS IN DATABASE
foreach($_GET['delete'] as $id) {
$result = mysql_query("DELETE FROM car WHERE ID = '" . mysql_real_escape_string($id) . "'");
// do something with the $result here ...
}
其他选项可能只是期望整数:
// DELETE THE DESIRED RECORDS IN DATABASE
foreach($_GET['delete'] as $id) {
$result = mysql_query("DELETE FROM car WHERE ID = '" . (int)$id . "'");
// do something with the $result here ...
}