所以我希望能够使用表格中每行旁边的按钮删除PHP中的记录。我无法在任何可以帮助我解决问题的地方找到一个好的教程而且我真的被困住了,不知道该怎么办。
如果有人可以告诉我该怎么做,这是我的代码:
<!DOCTYPE html>
<html>
<head>
<title>PCSS Grad Gown</title>
<link rel="stylesheet" type="text/css" href="Grad_Gown_Report.css">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<script
src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js">
</script>
<style>
body {
background-image: url("http://www.miguelmontalban.com/wp-content/uploads/2015/11/uSr9bZA-fancy-background-images.jpg");
}
td {
color: white;
}
.Grad_Table {
color :white;
}
</style>
</head>
<body>
<?php
$servername = "Private";
$username = "Private";
$password = "Private";
$dbname = "Private";
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
$order;
}
$order = $_GET['order'];
if (!$order) {
$order = "name";
}
$sql = mysqli_query ($conn, "SELECT * FROM Information ORDER By $order");
?>
<div class="table-responsive" id="grad_table">
<br>
<br>
<table class="Grad_Table" width="100%" border="12px">
<thead>
<tr>
<td><a href="Grad_Gown_Report.php">Name:</a></td>
<td><a href="Grad_Gown_Report_2.php">Student #:</a></td>
<td>Homeform #:</td>
<td>Unit:</td>
<td>Height:</td>
<td>Size:</td>
<td></td>
</tr>
</thead>
<tbody>
<?php
while ($rows = mysqli_fetch_assoc($sql)) {
?>
<tr>
<td><?php echo $rows['Name'];?></td>
<td><?php echo $rows['Studentnum'];?></td>
<td><?php echo $rows['Homeform'];?></td>
<td><?php echo $rows['Unit'];?></td>
<td><?php echo $rows['Height'];?></td>
<td><?php echo $rows['Size'];?></td>
</tr>
<?php
}
?>
</tbody>
</table>
</div>
</div>
</body>
</html>
我可以完美地从数据库中检索数据,其他所有功能都可以完全按照我的需要运行。我唯一需要的是删除功能。我尝试了很多东西,包括W3学校的教程,我尝试了面向对象和程序方法,但它们都给了我同样的错误。我真的更喜欢一个单独的delete.php文件,但我对任何有用的东西都很好。
答案 0 :(得分:0)
创建一个PHP脚本,按ID删除条目,然后在创建表行时,输出指向具有给定ID的脚本的链接。
// Using your code as a reference
while($rows = mysqli_fetch_assoc($sql)) : ?>
<tr>
<td>
<a href="/somepath/delete_entry.php?entry_id=<?php echo $row['Id']; ?>">Delete Entry</a>
</td>
</tr>
endwhile;
删除脚本如下所示:
<?php
// Perform any user auth here ...
// Connect to mysql here ...
if(!isset($_GET['entry_id'])) {
die('You need to provide an ID');
}
$id = $_GET['entry_id'];
// Ensure the ID is an integer or an int-like string
if(!ctype_digit("$id")) {
die('Invalid ID provided');
}
// We've verified that if $id is a string, it is an int-like string; otherwise, it is actually an integer.
// Let's convert it to an actual integer
$id = (int) $id;
// At this point, if you have users and users own this resource, you might check to make sure they actually have permission to delete the requested resource.
$query = "DELETE FROM Information WHERE Id = $id;";
$mysqli->query($query);
// If this is a rest API, you can just end with HTTP 200 (let the script die);
// otherwise, redirect them to the page they should see after performing this action
header('location: /view_something.php');
您需要小心 - 我在您的代码中注意到您正在接受用户输入并将其直接输入到SQL查询中。这样可以轻松地使用SQL injection attacks定位您的应用程序。如果攻击者需要,一个特制的HTTP请求可能会删除整个数据库。
简单来说,您需要验证并转义从用户收到的字符串输入,然后再将其放入查询中,以确保它们不会添加自己的SQL,以便在您的应用程序授权下执行其他任务。
当您使用mysqli时,您需要查看mysqli_real_escape_string()。
您可能会查找PDO /预备语句,或者可能采用自动为您完成所有这些操作的框架。
最后:做“vanilla PHP方式”使得维护和测试代码非常困难。我鼓励你看看: