$sql="DELETE FROM Persons WHERE Day = '$_POST[Day]' AND Time = '$_POST[Time]'");
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "Records Deleted";
我正在尝试从上一页解析的信息中删除记录。我的陈述不会发生,我很困惑。
任何人都知道我做错了什么?
答案 0 :(得分:4)
你的代码是开放的sql注入,你的问题是由使用保留字TIME和DAY引起的,用``:
包装它们$day=mysqli_real_escape_string($con, $_POST['day']);
$time=mysqli_real_escape_string($con, $_POST['time']);
$sql="DELETE FROM Persons WHERE `Day` = '$day' AND `Time` = '$time' ");
答案 1 :(得分:0)
这: -
$sql="DELETE FROM Persons WHERE `Day` = '".$mysqli->real_escape_string($_POST['Day'])."' AND `Time` = '".$mysqli->real_escape_string($_POST['Time'])."' ");
首先,你有SQL注入,这是你应该关注的一些好事: - http://en.wikipedia.org/wiki/SQL_injection
http://en.wikipedia.org/wiki/SQL_injection#Escaping
http://en.wikipedia.org/wiki/SQL_injection#External_links
并且,我不确定,您是如何使用保留的'Day'和'Time'名称创建列的。首先,您需要将名称更改/更改为保留名称以外的名称。
答案 2 :(得分:-3)
变化
$sql="DELETE FROM Persons WHERE Day = '$_POST[Day]' AND Time = '$_POST[Time]' ");
到
$sql= "DELETE FROM Persons WHERE `Day` = '".$mysqli->real_escape_string($_POST['Day'])."' AND `Time` = '".$mysqli->real_escape_string($_POST['Time'])."'";