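I have a table of chapters, and each chapter has a delete button. When I click the delete button, if the table has more records, the last row of the table gets deleted, or the row id passed to the database is wrong.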
<!doctype html>
<html>
<head>
<title>Files</title>
</head>
<body>
<form method="post" action="deleteFiles.php" enctype="multipart/form-data">
<style>
td {
text-align: center;
border: 1px solid black;
border-collapse: collapse;
}
</style>
Select rank :
<select name="type" id="type" onchange="this.form.submit()">
<?php if(isset($_POST['type']))
{ ?>
<option value="1" <?php echo($_POST['type']==1?"selected":"");?>>SSgt</option>
<option value="2" <?php echo($_POST['type']==2?"selected":"");?>>TSgt</option>
<option value="3" <?php echo($_POST['type']==3?"selected":"");?>>MSgt</option>
</select>
<br><br>
<?php
}
else
{
?>
<option value="1">SSgt</option>
<option value="2">TSgt</option>
<option value="3">MSgt</option>
</select>
<br><br>
<?php
}
?>
<table id="example" style="width:60%">
<tr>
<th><font size="5">Files</font></th>
</tr>
<?php
?>
<?php
ini_set('display_errors', 1);
error_reporting(1);
ini_set('error_reporting', E_ALL);
$dbh = new PDO('mysql:host=174;dbname=airman', 'airman', 'airma');
if(isset($_POST['action'])) {
$stmt = $dbh->prepare("DELETE FROM `files` WHERE `id`= " . $_POST['id']);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if(count($result) > 0)
{
echo 'row deleted';
}
else{
echo 'row could not delete';
}
}
if(isset($_POST['type']))
{
$stmt = $dbh->prepare("SELECT * FROM files where type = :type");
$stmt->bindParam("type", $_POST['type']);
$stmt->execute();
$results = $stmt->fetchall(PDO::FETCH_ASSOC);
}
else{
$stmt = $dbh->prepare("SELECT * FROM files");
$stmt->execute();
$results = $stmt->fetchall(PDO::FETCH_ASSOC);
}
foreach($results as $file)
{
?>
<tr>
<td><?php echo $file['title'];?></td>
<td><input type="submit" id="<?php echo $file['id']?>" name="action" value="Delete">
<input type="submit" id="<?php echo $chap['id']?>" name="edit" value="Edit">
<input type="hidden" name="id" value="<?php echo $file['id']?>" />
</tr>
<?php
}
?>
</table>
</body>
</form>
</html>
<?php
?>
Edit:
<!doctype html>
<html>
<head>
<title>Video Files</title>
</head>
<body>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<script>
$('#form').submit(function(ev) {
$('<input type="hidden">').attr({ name: 'type', value: $("select[name='type']").val() }).appendTo($(event.currentTarget));
}
</script>
<form id="form" method="post" action="deleteVideoFiles.php" enctype="multipart/form-data">
<style>
td {
text-align: center;
border: 1px solid black;
border-collapse: collapse;
}
</style>
<br><br><br><br>
Select rank :
<select name="type" id="type" onchange="this.form.submit()">
<?php if(isset($_POST['type']))
{
/* session_start();
$_SESSION['vidType'] = $_POST['type'];*/
?>
<option value="">Select rank...</option>
<option value="1" <?php echo($_POST['type']==1?"selected":"");?>>SSgt</option>
<option value="2" <?php echo($_POST['type']==2?"selected":"");?>>TSgt</option>
<option value="3" <?php echo($_POST['type']==3?"selected":"");?>>MSgt</option>
</select>
<br><br>
<?php
}
else
{
/* session_start();
$_SESSION['vidType'] = $_POST['type'];*/
?>
<option value="">Select rank...</option>
<option value="1">SSgt</option>
<option value="2">TSgt</option>
<option value="3">MSgt</option>
</select>
<br><br>
<?php
}
?>
<table id="example" style="width:80%">
<tr>
<th><font size="5">Video Files</font></th>
</tr>
<?php
?>
<?php
ini_set('display_errors', 1);
error_reporting(1);
ini_set('error_reporting', E_ALL);
$dbh = new PDO('mysql:host=174.75.54;dbname=handbook', 'airman', 'airman12345');
// $dbh = new PDO('mysql:host=localhost;dbname=handbook', 'siddhi', 'siddhi');
if(isset($_POST['action'])) {
$stmt = $dbh->prepare("DELETE FROM `videos` WHERE `id`= :id");
$stmt->bindParam("id", $_POST['id']);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if(count($result) < 0)
{
echo 'row could not delete';
}
}
if(isset($_POST['type']))
{
if(!empty($_POST['type']))
{
$stmt = $dbh->prepare("SELECT * FROM `videos` where type = :type");
$stmt->bindParam("type", $_POST['type']);
$stmt->execute();
$results = $stmt->fetchall(PDO::FETCH_ASSOC);
if(count($results) == 0)
{
echo 'No records available.';
}
}
else{
echo 'empty type';
$stmt = $dbh->prepare("SELECT * FROM `videos`");
$stmt->execute();
$results = $stmt->fetchall(PDO::FETCH_ASSOC);
if(count($results) == 0)
{
echo 'No records available.';
}
}
}
/* elseif(!empty($_SESSION['vidType'])){
echo $_SESSION['vidType'];
echo $_POST['type'];
$stmt = $dbh->prepare("SELECT * FROM `videos` where type = :type");
$stmt->bindParam("type", $_SESSION['vidType']);
$stmt->execute();
$results = $stmt->fetchall(PDO::FETCH_ASSOC);
if(count($results) == 0)
{
echo 'No records available.';
}
}*/
else{
$stmt = $dbh->prepare("SELECT * FROM `videos`");
$stmt->execute();
$results = $stmt->fetchall(PDO::FETCH_ASSOC);
if(count($results) == 0)
{
echo 'No records available.';
}
}
foreach($results as $file)
{
?>
<tr>
<td><?php echo $file['title'];?></td>
<td>
<form method="post" action="deleteVideoFiles.php" enctype="multipart/form-data">
<input type="submit" id="<?php echo $file['id']?>" name="action" value="Delete"><br>
<input type="hidden" name="id" value="<?php echo $file['id']?>"/>
</form> <!-- notice how we built different form for every id-->
</td>
</tr>
<?php
}
?>
</table>
</body>
</form>
</html>
<?php
?>
I am sending the chapter ID on each loop iteration; what is wrong here? Please help, thanks.
Answer 0 (score: 1)
This is because building the form elements this way results in many id inputs in the same form. Something like this
<form>
<input name="id" value="1">
<input name="id" value="2">
</form>
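In your server code, PHP will set $_POST['id'] to the last one, 2. That is why, when the delete button is pressed and the form is submitted, the next or last ID you built in the form gets deleted.
If you need your code to work the way you want, you have to put each id in a different form element, or you need some JavaScript work.
I prefer building a different form for each record. Replace this code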
foreach($results as $file)
{
?>
<tr>
<td><?php echo $file['title'];?></td>
<td><input type="submit" id="<?php echo $file['id']?>" name="action" value="Delete">
<input type="submit" id="<?php echo $chap['id']?>" name="edit" value="Edit">
<input type="hidden" name="id" value="<?php echo $file['id']?>" />
</tr>
<?php
}
?>
with something like this
foreach($results as $file)
{
?>
<tr>
<td><?php echo $file['title'];?></td>
<td>
<form method="post" action="deleteFiles.php" enctype="multipart/form-data">
<input type="submit" id="<?php echo $file['id']?>" name="action" value="Delete">
<input type="submit" id="<?php echo $chap['id']?>" name="edit" value="Edit">
<input type="hidden" name="id" value="<?php echo $file['id']?>" />
</form> <!-- notice how we built different form for every id-->
</td>
</tr>
<?php
}
?>
Another note:
$stmt = $dbh->prepare("DELETE FROM `files` WHERE `id`= " . $_POST['id']);
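Using prepared statements this way still leaves you vulnerable to SQL injection.
1- Add the class deleteForm to the delete forms so that we can catch those forms and bind only to them.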
<form method="post" class="deleteForm" action="deleteVideoFiles.php" enctype="multipart/form-data">
2- Edit the script tag in the document
<script>
$(function (){
$('form.deleteForm').submit(function(ev) {
$('<input type="hidden">').attr({ name: 'type', value: $("select[name='type']").val() }).appendTo($(ev.currentTarget));
});
})
</script>
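The two points made in the answer above (duplicate `id` inputs in one form collapse to the last value, and calling `prepare()` on a concatenated string gives no injection protection) are shown side by side in this added example, which is not code from the original post. It assumes the `pdo_sqlite` extension and uses an in-memory SQLite database as a stand-in for the MySQL server; the function names and table rows are constructed for illustration.

```php
<?php
// Added example: constructed rows in an in-memory SQLite database (stand-in for MySQL).
function freshDb(): PDO {
    $dbh = new PDO('sqlite::memory:');
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $dbh->exec('CREATE TABLE files (id INTEGER PRIMARY KEY, title TEXT)');
    $dbh->exec("INSERT INTO files (id, title) VALUES (1,'a'),(2,'b'),(3,'c')");
    return $dbh;
}

// Pattern from the question: prepare() is called, but the posted value
// is already part of the SQL text, so it is parsed as SQL.
function deleteConcatenated(PDO $dbh, string $id): int {
    $stmt = $dbh->prepare('DELETE FROM files WHERE id = ' . $id);
    $stmt->execute();
    return $stmt->rowCount();
}

// Hardened form: accept only a positive integer, bind it as a parameter,
// and read the outcome from rowCount() (a DELETE returns no rows to fetch()).
function deleteBound(PDO $dbh, string $id): int {
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        return 0; // not a positive integer: nothing is sent to the database
    }
    $stmt = $dbh->prepare('DELETE FROM files WHERE id = :id');
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// One form carrying several inputs named "id": PHP keeps only the last one.
// parse_str() applies the same rule PHP uses when it fills $_POST.
parse_str('id=1&id=2&id=3&action=Delete', $post);
echo "single form posts id = {$post['id']}\n";

$crafted = '0 OR 1=1'; // constructed non-numeric input
echo 'concatenated: ', deleteConcatenated(freshDb(), $crafted), " rows deleted\n";
echo 'bound:        ', deleteBound(freshDb(), $crafted), " rows deleted\n";
echo 'bound id=2:   ', deleteBound(freshDb(), '2'), " rows deleted\n";
```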