在我的网站上删除数据库条目时遇到问题

Question

我已将database table回显到我的网站上并在表格旁边打勾选项，您可以tick和delete网站上的任何条目，它应该删除它来自数据库。由于某种原因，它不起作用，我是一个初学者，非常感谢任何帮助。

    <form method="" action="tester.php">
      <?php 

    include 'connect_to_mysql.php';

    $count=mysql_num_rows($result);
    $result = mysql_query("SELECT * FROM booking ORDER BY ID ASC");

    echo "<table border='1'>
    <tr>
    <th>DEL</th>
    <th>Name</th>
    <th>Email ID</th>
    <th>Phone Number</th>
    <th>Collection Address</th>
    <th>Collection Date</th>
    <th>Collection Time</th>
    <th>Make & Model</th>
    <th>Message</th>

    </tr>";

    while($row = mysql_fetch_array($result))
      {
          ?>
               <td align="center" bgcolor="#FFFFFF"><input name="delete_these[]"                                                                                                                         type="checkbox" id="checkbox[]" value="<?php echo $row['ID']; ?>"></td>
       <?php
    echo "<td>" . $row['name'] . "</td>";
    echo "<td>" . $row['email'] . "</td>";
      echo "<td>" . $row['phonenumber'] . "</td>";
      echo "<td>" . $row['collectionaddress'] . "</td>";
      echo "<td>" . $row['collectiondate'] . "</td>";
      echo "<td>" . $row['collectiontime'] . "</td>";
      echo "<td>" . $row['makemodel'] . "</td>";
      echo "<td>" . $row['message'] . "</td>";
      echo "</tr>";
      }
    echo "</table>";
    ?> <br>
    <td colspan="5" align="center" bgcolor="#FFFFFF"><input name="delete" type="submit"                 id="delete" value="Delete"></td>
    </tr>

    <?php
    // Check if delete button active, start this 
    if(isset($_GET['delete']))  {

    for($i=0;$i<$count;$i++){
    $id = $checkbox[$i];
    print_r($_GET['delete_these']);
    $ids = implode(', ', $_POST['delete_these']);
    $sql = "DELETE FROM booking WHERE id IN($ids)";
    echo "<br />SQL: $sql<br />";
    $result = mysql_query($sql);
    }

    // if successful redirect to delete_multiple.php 
    if($result){

    }
    }
    mysql_close();
    ?>
    </form>

Answer 1

将表单标记替换为：

<form method="post" action="tester.php">

然后这3：

if(isset($_POST['delete']))

$id =(int)$_POST['delete_these'][$i];

$sql = "DELETE FROM booking WHERE id=$id";

在这3个地方：

if(isset($_GET['delete']))

$id = $checkbox[$i];

$sql = "DELETE FROM booking WHERE id IN($ids)";

您的$id = $checkbox[$i];仅在register_globals指令处于启用状态时才有效，由于其导致的安全问题，现在已弃用（并且自PHP 5.4起删除），如果它存在于PHP版本中您正在使用大多数托管服务将其关闭。

您将通过帖子发送数据，以便通过$_POST访问它们。 (int)之前的$_POST是将任何内容转换为整数，因此如果用户尝试发送字符串，它将变为0，这将保护您免受sql注入。

SIDE注意您应该停止使用mysql_ *函数，因为它们已被弃用。查看PDO或mysqli

Answer 2

您在表单标记中添加了方法 -

<form  method="post" action="tester.php" >

并将if(isset($_GET['delete']))替换为if(isset($_POST['delete']))