删除数据库值使用PHP,无法正常工作

时间:2012-12-10 13:35:28

标签: php mysql checkbox sql-delete

我正在尝试从我的表单中删除多个值(它是一个汽车租赁系统,我想让员工能够从记录中删除一辆汽车)。我是PHP的新手,但这就是我现在所拥有的。

<?php
$link = mysql_connect ("xxxx", "xxxx", "xxxx");
mysql_select_db ("xxxx");

    $query = "SELECT * from car";
    $result = mysql_query ($query);
    echo ("<form action=\"deleting2.php\" method=\"GET\">");
    echo "<table id = 'table-3'>";
    echo "<thead>";
    echo "<th>Car ID</th>
    <th>Car Name</th>
    <th>Fuel Type</th>
    <th>Transmission</th>
    <th>Engine Size</th>
    <th>Doors</th>
    <th>Total</th>
    <th>Available</th>
    <th>Date Added</th>
    <th>Delete</th> ";
    echo "</thead>";
    for ($i = 0; $i < mysql_num_rows ($result); $i ++)
      {        
       $row = mysql_fetch_object ($result);
       echo "<tbody>";
       echo "<tr>";
       echo "<td>$row->ID</td>";
       echo "<td>$row->CARNAME</td>";
       echo "<td>$row->FUELTYPE</td>";
       echo "<td>$row->TRANSMISSION</td>";
       echo "<td>$row->ENGINE_SIZE</td>";
       echo "<td>$row->DOORS</td>";
       echo "<td>$row->TOTAL</td>";
       echo "<td>$row->AVAILABLE</td>";
       echo "<td>$row->DATEADDED</td>";
       echo "<td><input type='checkbox' name='delete[]' value='$row->ID' /></td>";
       echo "</tr>";
       echo "</tbody>";
      }
      echo ("<tr><td colspan='6' align='center'><input type=\"submit\" value=\"Delete  \"></td> </tr></table></form>");
      echo  "</table>";
      mysql_close ($link);
      ?>

现在,当我按下删除按钮时,它会转到我的php页面,名为'deletion2.php',如表单操作中所述,其中包含以下代码:

<?php
$link = mysql_connect ("xxxx", "xxxx", "xxxx");
mysql_select_db ("xxxx");

$ID='$_GET[ID]';

// DELETE ANY RECORDS IN DATABASE
for ($i = 0; $i < @mysql_num_rows ($result); $i ++)
{
if(isset($_GET['delete[]']) && $_GET['delete[]']=='$row->ID');
{
   $query=("DELETE FROM car WHERE ID='$_POST[ID]'");
    $result1 = mysql_query($query);
}
}
mysql_close ($link);

?>

问题是,它不会从我的数据库中删除任何内容。处理deletion2.php时,地址栏中的URL为:

  

http://www.computing.northampton.ac.uk/~11430900/a1/webpages/deleting2.php?delete[]=6

根据我的知识,选择票证的值。在这里,我检查了相应的ID值为6的框。因此,复选框DOES工作,它只是对数据库没有任何作用,不删除值。我尝试了很多教程,但我无法使用复选框删除它。任何帮助将不胜感激。

3 个答案:

答案 0 :(得分:1)

您不需要按照问题中提到的跟随循环进行评估

for ($i = 0; $i < @mysql_num_rows ($result); $i ++)
{
if(isset($_GET['delete[]']) && $_GET['delete[]']=='$row->ID');
{
   $query=("DELETE FROM car WHERE ID='$_POST[ID]'");
    $result1 = mysql_query($query);
}
}
mysql_close ($link);

仅限于以下内容。

将您的表单方法更改为POST。

使用以下代码。由于$ _POST ['delete']将是一个数组

,因此必须使用implode
if(isset($_POST['delete']) && count($_POST['delete']) > 0) {
    $query=("DELETE FROM car WHERE ID in ('".implode(',',$_POST['delete'])."')");
    $result1 = mysql_query($query);
}

答案 1 :(得分:0)

您的数据需要清理,但如果您希望ID为数字,则此选项应该正常:

$id = (int)$_GET['ID'];    
$query=("DELETE FROM car WHERE ID=$id");

您确实需要查看代码中剩余的SQL injection次攻击。

答案 2 :(得分:0)

首先,在实现数据库条目删除时要非常小心,因为最终可能会出现空数据库。

其次,请始终清理您的输入以阻止SQL Injection

第三,学习PDO或至少mysqli_*函数而不是mysql_因为它们现在已被弃用,并且可以在任何下一个PHP版本中删除。

现在,对于您的问题,您正在将ID值设置为delete[]数组值,这意味着您应该这样做:

// DELETE THE DESIRED RECORDS IN DATABASE
foreach($_GET['delete'] as $id) {
    $result = mysql_query("DELETE FROM car WHERE ID = '" . mysql_real_escape_string($id) . "'");
    // do something with the $result here ...
}

其他选项可能只是期望整数:

// DELETE THE DESIRED RECORDS IN DATABASE
foreach($_GET['delete'] as $id) {
    $result = mysql_query("DELETE FROM car WHERE ID = '" . (int)$id . "'");
    // do something with the $result here ...
}