从数据库中删除用户

时间:2015-10-16 16:00:46

标签: php mysql

我一直在尝试(非常新的PHP)通过HTML页面从我的数据库中删除用户。这就是我所拥有的:

<form name="my_form" method="post" action="delete_user.php">
    User Name: <input type="text" name="username_delete" placeholder="username"><br />
    <input type="submit" name="btn_delete" value="Delete User" />
</form>

然后delete_user.php:

<?php
session_start();
include_once 'dbconnect.php';

if (isset($_POST['btn_delete']){
    $username = $_POST('username_delete');
    $sql = mysql_query("DELETE * FROM users WHERE user_id='$username'");

    if($sql){
        echo "Deleted";
    }
}
?>

然后我的数据库是这样的:

http://i.imgur.com/pOSWWK8.png

我输入&#34;劳力士&#34;在页面上的文本框中按Enter键,它不会删除。我究竟做错了什么?谢谢!

EDIT ***** 以下是我现在所使用的不符合以下用户发布的内容: 

error_reporting(E_ALL); // Remove this line before putting live!
session_start();

    if(isset($_POST['btn_delete']){
        // Initialise PDO connection (May need to abstract connection to an include)
        $pdo = new PDO('mysql:host=localhost;dbname=xxx', 'xxx', 'xxxxx');

        $statement = $pdo->prepare("DELETE FROM users WHERE username = ?");
        $username = $_POST['username_delete'];
        $statement->execute(array($username));

        echo "Deleted.";
    }

HTML保持不变。

4 个答案:

答案 0 :(得分:2)

完整代码已修复:

<?php
error_reporting(E_ALL); // Remove this line before putting live!
session_start();
include_once 'dbconnect.php';

if(isset($_POST['btn_delete']){
    $username = $_POST['username_delete'];
    $sql = mysql_query("DELETE FROM users WHERE username='$username'");

    if($sql){
        echo "Deleted";
    }
}
?>

作为旁注,以这种方式编写代码会使您的页面出现SQL注入漏洞。

第二个注释mysql_query在PHP中已弃用,将在以后的版本中删除。

答案 1 :(得分:1)

您的DELETE语法错误删除(*)。

使用DELETE FROM Table WHERE id=id 

<?php
session_start();
include_once 'dbconnect.php';

if(isset($_POST['btn_delete']){
$username = $_POST['username_delete'];
$sql = mysql_query("DELETE FROM users WHERE user_id='$username'");

if($sql){
    echo "Deleted";
}else{
  header('location:index.php');
}
}
?>

答案 2 :(得分:1)

您的查询使用了错误的语法并查询了错误的列。

DELETE FROM users WHERE username = ?

您也对SQL注入持开放态度。以上是一个示例或准备好的查询。

如果您需要使用已弃用的mysql_函数,请尝试... 

session_start();
include_once 'dbconnect.php';
if(isset($_POST['btn_delete']){
     $username = mysql_real_escape_string($_POST['username_delete']);
     $sql = mysql_query("DELETE FROM users WHERE username ='$username'");
     if($sql){
         echo "Deleted";
     }
}

此外,您对$username的分配不正确,arrays可以通过[]{}访问,而不是()

  

方括号和花括号可以互换使用来访问数组元素(例如$ array [42]和$ array {42}在上面的例子中都会做同样的事情。)

所以

$username = $_POST('username_delete');

需要

$username = $_POST['username_delete'];


$username = $_POST{'username_delete'};

答案 3 :(得分:0)

作为我之前回答的扩展,以下是使用PDO进行SQL注入预防的完整代码:

<?php

error_reporting(E_ALL); // Remove this line before putting live!
session_start();

if(isset($_POST['btn_delete']){
    // Initialise PDO connection (May need to abstract connection to an include)
    $pdo = new PDO('mysql:host=localhost;dbname=mydb', 'username', 'password');

    $statement = $pdo->prepare("DELETE FROM users WHERE username = ?");
    $username = $_POST['username_delete'];
    $statement->execute(array($username));

    echo "Deleted.";
}

我希望这可以帮助你,但没有错误,很难找到问题的根源。如果您是新的PHP开发人员,那么这是一个很好的资源:http://www.phptherightway.com/

相关问题
最新问题