Delete button to delete a user record in PHP

Time: 2015-08-11 01:24:12

Tags: php mysql database mysqli delete-record

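The following code is all in a file on my website named 'useraccount.php'. As it currently stands, this page contains a form for a logged-in admin to add new user accounts, and below it a table showing the accounts that already exist in the database. I want to add a "Delete" button for each existing account, and I have tried various ways of incorporating it, but have not yet found a working solution. If anyone could share some expertise with me, I would be very grateful. I need to know how to set up the button so that it inherits the database row number variable, so that PHP can identify which row to delete, and where and how to safely execute the delete query in PHP. The comments in the code show some of my attempts.

Current PHP code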

<?php 

require("connect.php");

if(empty($_SESSION['user']) || empty($_SESSION['adminaccess']))
{ 
    header("Location: login.php"); 
    die("Redirecting to login.php"); 
}

//BEGIN DATA FETCHING TO DISPLAY CURRENT USERS
$query = " 
    SELECT 
        id, 
        username,
        display_name, 
        email,
        admin
    FROM users 
"; 

try 
{ 
    $stmt = $db->prepare($query); 
    $stmt->execute(); 
} 
catch(PDOException $ex) 
{ 
    die("Failed to run query: " . $ex->getMessage()); 
} 

$rows = $stmt->fetchAll();
//END DATA FETCHING TO DISPLAY CURRENT USERS



//BEGIN USER DELETE FUNCTION
//IM NOT SURE HOW TO SET THIS UP, OR IF IT'S EVEN IN THE RIGHT PLACE

$id = isset($_POST['id'])?intval($_POST['id']):0;
if($id>0) { $query = "DELETE FROM users WHERE id = '$id'";
}
//END USER DELETE FUNCTION



//BEGIN FOR ADD NEW USER
if(!empty($_POST)) 
{ 
    if(empty($_POST['username'])) 
    { 
        header("Location: useraccounts.php");
        die("Redirecting to: useraccounts.php");
        $error = "Please enter a username.";
    } 

    if(empty($_POST['password'])) 
    { 
        header("Location: useraccounts.php");
        die("Redirecting to: useraccounts.php");
        $error = "Please enter a password."; 
    } 

    if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) 
    { 
        header("Location: useraccounts.php");
        die("Redirecting to: useraccounts.php");
        $error = "Invalid E-Mail Address"; 
    } 

    $query = "
        SELECT 
            1 
        FROM users 
        WHERE 
            username = :username 
    "; 

    $query_params = array( 
        ':username' => $_POST['username'] 
    ); 

    try 
    { 
        $stmt = $db->prepare($query); 
        $result = $stmt->execute($query_params); 
    } 
    catch(PDOException $ex) 
    { 
        die("Failed to run query: " . $ex->getMessage()); 
    } 

    $row = $stmt->fetch(); 

    if($row) 
    { 
        header("Location: useraccounts.php");
        die("Redirecting to: useraccounts.php");
        $error = "This username is already in use"; 
    } 

    $query = " 
        SELECT 
            1 
        FROM users 
        WHERE 
            email = :email 
    "; 

    $query_params = array( 
        ':email' => $_POST['email'] 
    ); 

    try 
    { 
        $stmt = $db->prepare($query); 
        $result = $stmt->execute($query_params); 
    } 
    catch(PDOException $ex) 
    { 
        die("Failed to run query: " . $ex->getMessage()); 
    } 

    $row = $stmt->fetch(); 

    if($row) 
    { 
        header("Location: useraccounts.php");
        die("Redirecting to: useraccounts.php");
        $error = "This email address is already registered"; 
    } 

    $query = " 
        INSERT INTO users ( 
            username,
            display_name,
            password,
            salt,
            email,
            admin
        ) VALUES ( 
            :username,
            :display_name,
            :password,
            :salt,
            :email,
            :admin
        ) 
    "; 

    $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647)); 

    $password = hash('sha256', $_POST['password'] . $salt); 

    for($round = 0; $round < 65536; $round++) 
    { 
        $password = hash('sha256', $password . $salt); 
    } 

    $query_params = array( 
        ':username' => $_POST['username'],
        ':display_name' => $_POST['display_name'],
        ':password' => $password,
        ':salt' => $salt, 
        ':email' => $_POST['email'],
        ':admin' => $_POST['admin'] 
    ); 

    try 
    { 
        $stmt = $db->prepare($query); 
        $result = $stmt->execute($query_params); 
    } 
    catch(PDOException $ex) 
    { 
        die("Failed to run query: " . $ex->getMessage()); 
    } 

    header("Location: useraccounts.php"); 
    die("Redirecting to useraccounts.php"); 
}
?>

Form that displays "Add a new account"
<h3>Add an Account</h3>
<form action="useraccounts.php" method="post"> 
<p class="label">Username:</p> 
    <input class="text" type="text" name="username" value="" />
<p class="label">Display Name(s):</p> 
    <input class="text" type="text" name="display_name" value="" />
<p class="label">E-Mail:</p> 
    <input class="text" type="text" name="email" value="" />
<p class="label">Password:</p> 
    <input class="text" type="password" name="password" value="" />
<p class="label">Admin Account?</p> 
    <input type="radio" id="r1" name="admin" value="0" checked="checked" /><label for="r1"><span></span>No</label>
    <input type="radio" id="r2" name="admin" value="1" /><label for="r2"><span></span>Yes</label><br />
<p class="error"><?php echo $error; ?></p>
<button class="contact" type="submit" name="submit">Create Account</button> 
</form>

Table that displays the existing user accounts

<h3>Current Accounts List</h3>
<table class="parent-accounts"> 
<tr>
    <th><h4>ID</h4></th> 
    <th><h4>Username</h4></th> 
    <th><h4>Display Name(s)</h4></th>
    <th><h4>E-Mail Address</h4></th>
    <th><h4>Admin</h4></th>
</tr>
<?php foreach($rows as $row): ?> 
<form action="useraccounts.php?id=<?php echo $id['id'];?>" method="post">
<tr>
    <td><?php echo $row['id']; ?></td> 
    <td><?php echo htmlentities($row['username'], ENT_QUOTES, 'UTF-8'); ?></td>
    <td><?php echo htmlentities($row['display_name'], ENT_QUOTES, 'UTF-8'); ?></td>
    <td><?php echo htmlentities($row['email'], ENT_QUOTES, 'UTF-8'); ?></td> 
    <td><?php echo htmlentities($row['admin'], ENT_QUOTES, 'UTF-8'); ?></td>
    <td><input type="submit" name="submit" value="Delete User" /></td>
</tr>
</form>
<?php endforeach; ?>
</table>

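1 answer:

Answer 0: (score: 0)

'ID' is posted by the form, and your delete user query seems fine. You need to execute the query. And you should probably make sure the delete request is processed before the current users are fetched.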

<?php 

require("connect.php");

if(empty($_SESSION['user']) || empty($_SESSION['adminaccess']))
{ 
    header("Location: login.php"); 
    die("Redirecting to login.php"); 
}

//BEGIN USER DELETE FUNCTION
//IM NOT SURE HOW TO SET THIS UP, OR IF IT'S EVEN IN THE RIGHT PLACE
if(isset($_SESSION['adminaccess']))  //if user has admin privilege
{
    $id = isset($_POST['id'])?intval($_POST['id']):0;
    if($id>0)  //if valid id for deleting is posted
    { 
      $query = 'DELETE FROM users WHERE id = '.$id;
      echo '<script>alert("Query: '.$query.'");</script>';  //debug line, remove this later
      try
      {
         $stmt = $db->prepare($query);
         $stmt->execute();
      }
      catch(PDOException $ex)
      {
         die("Failed to run query: " . $ex->getMessage()); 
      }
    }
    else
    {
       echo '<script>alert("Invalid ID: '.$id.'");</script>';  //debug line, remove this later
    }
}
else
{
    echo '<script>alert("No admin access privilege.");</script>';  //debug line, remove this later
}
//END USER DELETE FUNCTION

//BEGIN DATA FETCHING TO DISPLAY CURRENT USERS
$query = " 
    SELECT 
        id, 
        username,
        display_name, 
        email,
        admin
    FROM users 
"; 

try 
{ 
    $stmt = $db->prepare($query); 
    $stmt->execute(); 
} 
catch(PDOException $ex) 
{ 
    die("Failed to run query: " . $ex->getMessage()); 
} 

$rows = $stmt->fetchAll();
//END DATA FETCHING TO DISPLAY CURRENT USERS

// ..........


?>
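
Added example, not part of the question or the answer above: one way to wire the per-row delete button so the id actually arrives in `$_POST`, and to run the delete with a bound parameter and a CSRF check. The function names, the `csrf` field and session key, and the in-memory SQLite table are assumptions made for illustration.

```php
<?php
// Added example, not the asker's or answerer's code. Function names and the
// 'csrf' field / session key are assumptions for illustration.

// Render one row's delete form: the row id and the CSRF token travel as
// hidden POST fields, so the handler's $_POST['id'] is actually populated.
function delete_form(array $row, string $csrf): string
{
    return '<form action="useraccounts.php" method="post">'
         . '<input type="hidden" name="id" value="' . (int)$row['id'] . '" />'
         . '<input type="hidden" name="csrf" value="'
         . htmlentities($csrf, ENT_QUOTES, 'UTF-8') . '" />'
         . '<input type="submit" name="delete" value="Delete User" /></form>';
}

// Process a delete request. Returns a status string instead of echoing, so
// the caller can redirect (POST/redirect/GET) before any output is sent.
function handle_delete(PDO $db, array $post, array $session): string
{
    if (empty($session['adminaccess'])) {
        return 'forbidden';
    }
    if (!isset($post['csrf'], $session['csrf'])
        || !hash_equals((string)$session['csrf'], (string)$post['csrf'])) {
        return 'bad-token';
    }
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 'invalid-id';
    }
    $stmt = $db->prepare('DELETE FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount() === 1 ? 'deleted' : 'not-found';
}

// Constructed demo data in an in-memory SQLite database (stands in for $db).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO users (username) VALUES ('alice'), ('bob')");
$session = ['adminaccess' => 1, 'csrf' => bin2hex(random_bytes(16))];

echo delete_form(['id' => 2], $session['csrf']), "\n";
echo handle_delete($db, ['id' => '2', 'csrf' => $session['csrf']], $session), "\n";
echo handle_delete($db, ['id' => '2', 'csrf' => 'wrong'], $session), "\n";
echo handle_delete($db, ['id' => '2', 'csrf' => $session['csrf']], $session), "\n";
```

In `useraccounts.php` the add-user block runs for any non-empty `$_POST`, so a delete request has to be handled (and redirected) before that block, for example by checking for the `delete` field first.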