表单操作不通过php / html发布

时间:2014-08-02 14:35:39

标签: javascript php forms session post

将表单中的某些信息发布到删除功能时出现问题,我可能会为此而自擂,但我找不到答案。

  • 管理员/ index.php的
  • LIB / admin_functions.php
  • LIB / delete_user.php

如上所述,我有3个文件。

它自己的功能如下:

// Display users
function get_all_users() {
    global $con;
    $sql = "SELECT * FROM users ORDER BY id ASC";
    $result = mysqli_query($con, $sql);
    echo "<tr><td>   </td><td> User ID </td><td> Username </td><td> Email Address </td><td> Zendesk User Id </td><td>
    Zendesk View ID </td><td> Firstname </td><td> Surname </td><td> Nickname </td><td> Active 
    </td><td> Admin </td><td> Display Stats?</td><td> Remove User </td></tr>";
    while($row = mysqli_fetch_array($result)) {
        // Displaying all user details
        echo "<tr><td><img height='40' width='40' src='{$row['user_photo']}'></td><td>" .$row['id']. "</td><td>" .$row['user_name']. "</td><td>" .$row['email_address']. "</td><td>" .$row['zendesk_user_id']."</td><td>"
         .$row['zendesk_view_id']. "</td><td>" .$row['user_firstname']. "</td><td>" .$row['user_surname']. "</td><td>" .$row['user_nickname'].  "</td><td>"
         .$row['is_active']. "</td><td>" .$row['is_admin']. "</td><td>" .$row['display_stats'].
         // Form for deleting a user
         "</td><td><form id='delete_user' accept-charset='UTF-8' action='/delete_user.php' role='form' method='POST'><input type='checkbox' value='Delete'><input type='hidden' name='user_id' value='{$row['id']}'></td></tr>";
    }
    echo "<tr><td> Delete Selected User(s) </td><td>";
    echo "<input type='submit' name='submit' value='Delete My Account' onClick=\"return confirm('Are you sure you want to delete this account?')\"></td></form></tr>";
}

上面的函数属于admin_functions.php,它显示我的所有用户都有一个额外的列,其中有一个删除的复选框,底部是一个带有删除按钮的表单。

然后我有了delete_user代码

<?php
session_start();
if( ! $_SESSION['loggedIn'] && ! $_SESSION['isAdmin']) {
    // If not admin or logged in, die
    die();
}
require_once(dirname(__FILE__).'/admin_functions.php');
require_once(dirname(__FILE__).'/../config.php');

// DELETE USER 

$user_id = mysql_real_escape_string( $_POST['user_id'] );

// Insert the customer, including the password hash
$sql = "DELETE FROM users where id = '{$user_id}' limit 1";
if (!mysqli_query($con,$sql)) {
  die('Error: ' . mysqli_error($con));
}

print "User Deleted";
mysqli_close($con);

?>

最后在索引文件中,我有一些调用函数的东西。

<?php get_all_users(); ?>

我遇到的问题是代码全部按预期显示,但在警告消息后没有任何反应。似乎没有任何内容发布到delete_user.php,我看到apache2中没有错误,我的控制台也没有。

有什么想法吗?

5 个答案:

答案 0 :(得分:1)

你还没有做有效的HTML:

这就是你所拥有的:

<tr>
    <td>
        <form>
    </td>
</tr>
<tr>
    <td></td>
    <td></td>
        </form>
</tr>

这就是你应该拥有的:

<tr>
    <td>
        <form>
            <table><tr><td><!-- checkbox --></td><td><!-- submit --></td></tr></table>
        </form>
    </td>
</tr>

编辑:嗯......我会尝试使用有效的HTML表单重写您的函数:

function get_all_users() {
    global $con;
    $sql = "SELECT * FROM users ORDER BY id ASC";
    $result = mysqli_query($con, $sql);
    echo "<tr><td> </td><td> User ID </td><td> Username </td><td> Email Address </td><td> Zendesk User Id </td><td> Zendesk View ID </td><td> Firstname </td><td> Surname </td><td> Nickname </td><td> Active </td><td> Admin </td><td> Display Stats?</td><td> Remove User </td></tr>";
    while($row = mysqli_fetch_array($result)) {
        // Displaying all user details
        echo "<tr><td><img height='40' width='40' src='" .$row['user_photo']. "'></td><td>" .$row['id']. "</td><td>" .$row['user_name']. "</td><td>" .$row['email_address']. "</td><td>" .$row['zendesk_user_id']."</td><td>" .$row['zendesk_view_id']. "</td><td>" .$row['user_firstname']. "</td><td>" .$row['user_surname']. "</td><td>" .$row['user_nickname'].  "</td><td>" .$row['is_active']. "</td><td>" .$row['is_admin']. "</td><td>" .$row['display_stats']. "</td>
         <td>
         <form id='delete_user' accept-charset='UTF-8' action='/delete_user.php' role='form' method='POST'>
         <table>
         <tr>
         <td><input type='checkbox' value='Delete'><input type='hidden' name='user_id' value='". $row['id']. "'></td>
         </tr>
         <tr>
         <td> Delete Selected User(s) </td>
         <td><input type='submit' name='submit' value='Delete My Account' onClick=\"return confirm('Are you sure you want to delete this account?')\"></td>
         </tr>
         </table>
         </form>
         </td>
         </tr>";
    }
}

答案 1 :(得分:1)

根据我们的聊天对话,我提交以下答案以便结束问题并标记为已解决。

您需要进行一些轻微的HTML /表修改。此外,您需要稍后修改它以使其成为更安全的方法。

我没有时间添加额外的东西。

您也没有任何<table></table>代码。

使用以下链接&gt;&gt;&gt; mysqli_ with prepared statementsPDO prepared statements将有助于SQL注入。

<?php 

$DB_HOST = "xxx"; // replace
$DB_NAME = "xxx"; // replace
$DB_USER = "xxx"; // replace
$DB_PASS = "xxx"; // replace

$con = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if($con->connect_errno > 0) {
  die('Connection failed [' . $con->connect_error . ']');
}

$sql = "SELECT * FROM users ORDER BY id ASC";
$result = mysqli_query($con, $sql);


echo "<!DOCTYPE html>" . "\n";
echo "<head></head>" . "\n";
echo "<body>" . "\n";

echo "<form id='delete_user' accept-charset='UTF-8' action='' role='form' method='POST'>" . "\n";

echo "<table>" . "\n";
echo "<tr><td> User ID </td><td> Username </td><td> Email Address </td><td> Zendesk User Id </td><td>
Zendesk View ID </td><td> Firstname </td><td> Surname </td><td> Nickname </td><td> Active 
</td><td> Admin </td><td> Display Stats?</td><td> Remove User </td></tr>" . "\n";

while($row = mysqli_fetch_array($result)) {
    // Displaying all user details
    echo "<tr><td>USER PHOTO CODE</td><td>" .$row['id']. "</td><td>" .$row['user_name']. "</td><td>" .$row['email_address']. "</td><td>" .


     "</td>\n<td><input type='checkbox' name='user_id[]' value='{$row['id']}'></td></tr>" . "\n";
echo "<tr><td> Delete Selected User(s) </td><td>" . "\n";

}

echo "<input type='submit' name='submit' value='Delete My Account' onClick=\"return confirm('Are you sure you want to delete this account?')\"></td>\n</tr>" . "\n";

echo "</table>" . "\n";

echo "</form>";

echo "</body></html>" . "\n";

if(isset($_POST['submit'])){

foreach($_POST['user_id'] as $id){
    $id = (int)$id;
    $delete = "DELETE FROM users WHERE id = $id"; 
    mysqli_query($con,$delete);
}

print "User Deleted";
mysqli_close($con);

}

答案 2 :(得分:0)

正在while循环中创建表单,而结束标记和提交按钮位于循环之外。 因此,创建了多个表单和一个提交按钮。 理想情况下它应该像

打开表单

while循环,创建复选框 循环结束

提交按钮

关闭表格。

答案 3 :(得分:0)

首先,您在表单中使用checkboxes,因此应将隐藏变量user_id声明为array 

<input type='hidden' name='user_id[]' value='{$row['id']}'>

然后在你的php文件中delete_user.php使用以下代码删除用户

            //echo "<pre>";print_r($_POST);exit; //check user ids using print_r() function
            $user_id = $_POST['user_id'];
            foreach($user_id as $userid) {
                // Insert the customer, including the password hash
                $sql = "DELETE FROM users where id = '$userid' limit 1";
                if (!mysqli_query($con,$sql)) {
                  die('Error: ' . mysqli_error($con));
                }
            }

答案 4 :(得分:0)

你混合了两个apis。它必须是mysqli_real_escape_string而不是mysql_real_escape_string

相关问题
最新问题