尝试从数据库中删除成员

时间:2014-11-28 17:35:24

标签: php mysql sql-delete

我在尝试从我正在使用的数据库中删除某个成员时遇到了一些麻烦,我认为它没有正确获取用户名。这是我用于HTML的表单

deleteForm.php 

<?php
    //begin our session
    session_start();
?>
    <html> 
        <head> 
            <title>Welcome</title> 
        </head> 
            <form action="deleteUser.php">
               <p>
                   <center><label for="Username">Enter username to delete</center></label> 
                   <center><input type="text" id="Username" name="Username" value="" maxlength="20" /></center>
                   <center><input type="submit" value="Delete Member"></center>
               </p> 
            </form>
        </body> 
    </html>

这是处理删除本身的代码:

deleteUser.php 

<?php
//begin our session
session_start();

//Check if username, password have been sent
if((!filter_input(INPUT_POST, 'Username')))
{
    echo 'Please enter a valid username';
}
else
{
    //Enter the valid data into the database
    $memberUsername = filter_input(INPUT_POST, 'Username', FILTER_SANITIZE_STRING);

    echo $memberUsername;

    $SQLhostname = "****";
    $SQLusername = "****";
    $SQLpassword = "****";
    $databaseName = "****";

    try
    {
      echo "in the try block";
        // Create connection
        $conn = mysqli_connect($SQLhostname, $SQLusername, $SQLpassword)
                or die("Unable to connect MySQL");

        $db_selected = mysqli_select_db($conn, $databaseName)
            or die("Could not select database");

        $deleteMember = "DELETE FROM customers
                        WHERE name = 
                        '$memberUsername'";

        $result = $conn->query($deleteMember);

        if(! $result ){
            die('Could not delete member: ' . $conn->error);}
        else{
            echo "Member deleted <br/>";
        }

        mysqli_close($conn);
    }
    catch (Exception $ex) 
    {
       //To be added

    }
}
?>

问题是它总是进入if语句并要求我假设没有设置的有效用户名。

3 个答案:

答案 0 :(得分:2)

method属性添加到form

<form action="deleteUser.php" method="post">
                            <!--^^^^^^^^^^-->
    <p>
        <center><label for="Username">Enter username to delete</center></label>
        <center><input type="text" id="Username" name="Username" value="" maxlength="20" /></center>
        <center><input type="submit" value="Delete Member"></center>
    </p>

答案 1 :(得分:1)

就像一个快速的FYI:

每当表单中的方法被省略时,它默认为GET并且您使用INPUT_POST因此您应该使用INPUT_GET或添加post方法,即:{{1 }}。

参考手册:

另外,为了您的安全性,您的代码是开放的SQL注入。 use mysqli with prepared statementsPDO with prepared statements他们更安全

答案 2 :(得分:0)

在表单标签中添加&#34;方法&#34;属性:

<form ... method="POST">

在PHP脚本中,您可以在变量$ _GET中找到输入值:

$ _ GET [用户名&#39;&#39;]

凯文

相关问题
最新问题