我希望网页应用程序在删除之前要求输入密码。我创建的程序是,在单击删除按钮之前,将出现一个模态并要求输入安全密码。
这是我的源代码:
<?php
session_start();
require 'database.php';
$id = 0;
if ( !empty($_GET['id'])) {
$id = $_REQUEST['id'];
}
?>
<?php
if(isset($_POST['login']))
{
$password = mysql_real_escape_string(trim($_POST["password"], "/\'\"\;"));
$msg = '';
$query = mysql_query("SELECT * from tbl_user where password = '$password'");
{
while($rwOK = mysql_fetch_assoc($query))
{
$_SESSION['password'] = $rwOK['password'];
}
if( $_SESSION['password']==$passsowrd)
{
include 'database.php';
$pdo = Database::connect();
$sql = 'SELECT * FROM customers ORDER BY id DESC';
foreach ($pdo->query($sql) as $row)
{
header("Location: delete_member.php?id=$row[id]");
}
}
else if(empty($password))
{
$msg = '<i><font color="red">Please input Administrator password.</font></i>';
}
else
{
//$_SESSION['tae'] = $tae;
$msg = '<i><font color="red">Invalid Password</font></i>';
}
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<title> Stock Employee </title>
<meta charset="utf-8">
<link href="css/bootstrap.min.css" rel="stylesheet">
<script src="js/bootstrap.min.js"></script>
</head>
<!-- modal -->
<!--
<link rel="stylesheet" href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"> -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.2/jquery.min.js"></script>
<script src="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"></script>
<!-- -->
<body>
<div class="container">
<div class="span10 offset1">
<div class="row">
<h3>Delete Record</h3>
</div>
<!-- <form class="form-horizontal" action="delete.php" method="post"> -->
<form class="form-horizontal" action="<?=$_SERVER['PHP_SELF']?>" method="post">
<input type="hidden" name="id" value="<?php echo $id;?>"/>
<p class="alert alert-error">Are you sure to delete ?</p>
<?php echo !empty($passwordError)?'error':'';?>
<div class="form-actions">
<!-- <button type="submit" class="btn btn-danger">Yes</button> -->
<!-- Trigger the modal with a button -->
<button type="button" class="btn btn-danger" data-toggle="modal" data-target="#myModal">Yes</button>
<!-- Modal -->
<div class="modal fade" id="myModal" role="dialog">
<div class="modal-dialog">
<!-- Modal content-->
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal">×</button>
<h4 class="modal-title">Administrator Access</h4>
</div>
<div class="modal-body">
<div class="control-group <?php echo !empty($passwordError)?'error':'';?>">
<label class="control-label">Password :</label>
<div class="controls">
<input name="password" type="password" placeholder="username" required value="<?php echo !empty($password)?$password:'';?>">
<?php if (!empty($passwordError)): ?>
<span class="help-inline"><?php echo $passwordError;?></span>
<?php endif; ?>
</div>
</div>
<div class="control-group">
<div class="controls">
<button type="submit" class="btn btn-danger">Delete</button>
</div>
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal" name="login">Close</button>
</div>
</div>
</div>
</div>
<a class="btn" href="index.php">No</a>
</div>
</form>
</div>
</div> <!-- /container -->
</body>
</html>
非常感谢任何形式的帮助。谢谢。
答案 0 :(得分:1)
你拼错了$ password变量
if( $_SESSION['password']==$passsowrd)
{
应该是
if( $_SESSION['password']==$password)
{
当你要删除一条记录时,迭代整个customers表也不好,使用where子句获取记录并删除(如果存在),注意类型转换以避免SQL注入。
$sql = 'SELECT * FROM customers WHERE id = '.(int) $id;