I am trying to create a delete button for the rows that are displayed. The rows are actual data from a MySQL database.
When I run my code I can start the session and see all the data displayed. But when I click the "Delete" button, the data inside the database does not change.
I suspect it is the "value" of the delete button. I do not know how to tie that value to the SQL query.
Any help is greatly appreciated. Thanks!
<html>
<head>
<title>Delete Transaction</title>
</head>
<body>
<?php
session_start();
if (isset($_SESSION['Username'])) {
$Username=$_SESSION['Username'];
}
?>
<h2><?php echo "USER $Username LOGGED IN"; ?></h2>
<form action ="" method = "post">
<?php
$dbc=mysqli_connect('localhost','testuser','password','Project')
or die ("Could not Connect! \n");
$sql_query = "SELECT MemberID FROM Members WHERE Username = '$Username';";
$result1 = mysqli_query($dbc,$sql_query) or die ("error querying database");
if (mysqli_num_rows($result1) > 0 ) {
$row = mysqli_fetch_assoc($result1);
$mID = $row['MemberID'];
} // assigning mID as MemberID
$sql = "SELECT * FROM Sales WHERE Members_ID = '$mID' "; // Getting Members_ID in Sales Table
$result=mysqli_query($dbc,$sql) or die ("Error Querying Database");
$sql_getSalesID = "SELECT SalesID FROM Sales WHERE Members_ID ='$mID'"; // Getting SalesID
$result2 = mysqli_query($dbc,$sql_getSalesID) or die ("Error Querying Database 2");
if (mysqli_num_rows($result2) > 0 ) {
$row = mysqli_fetch_assoc($result2);
$SalesID = $row['SalesID'];
}
if (isset($_POST['SalesID']) and is_numeric($_POST['SalesID']))
{
$delete =$_POST['SalesID'];
$sql_delete="DELETE FROM Sales WHERE SalesID = '$delete'";
$result3 = mysqli_query($dbc,$sql_delete) or die ("Error Querying Database 3");
}
echo "<table>";
echo "<tr> <th> User </th> <th> Item </th> <th> Purchase Date </th> <th> Delete Option </th> </tr>";
while($row=mysqli_fetch_array($result)){
echo "<tr> <td>".$row['Members_ID']."</td>
<td>".$row['Items_ID']."</td> <td>".$row['PurchaseDate']."</td>
<td><button type='submit' name ='deleteTrans' value ='".$sql_delete."'> Delete </button></td> </tr>";
}
echo "</table>";
mysqli_close($dbc); // procedural mysqli_close() needs the connection handle
?>
</form>
</body>
</html>
Answer 0 (score: 1)
Found a suitable solution for you: use $_GET to delete this sale. I also added a firewall against attacks: SQL injection & XSS
Like this:
<html>
<head>
<title>Delete Transaction</title>
</head>
<body>
<?php
session_start();
if (isset($_SESSION['Username'])) {
$Username=$_SESSION['Username'];
}
?>
<h2><?= "USER $Username LOGGED IN"; ?></h2>
<form action ="" method = "post">
<?php
$db = new mysqli('localhost','testuser','password','Project');
if ($db->connect_error) { die ("Could not Connect! \n"); } // new mysqli never returns false; check connect_error instead
// Protect From SQL injection & XSS
// Escape for SQL first, then encode for HTML; the two steps are chained so the second does not overwrite the first
foreach ($_GET as $key => $value) {
$_GET[$key] = htmlspecialchars(trim($db->real_escape_string($value)), ENT_QUOTES, "utf-8");
}
foreach ($_POST as $key => $value) {
$_POST[$key] = htmlspecialchars(trim($db->real_escape_string($value)), ENT_QUOTES, "utf-8");
}
foreach ($_REQUEST as $key => $value) {
$_REQUEST[$key] = htmlspecialchars(trim($db->real_escape_string($value)), ENT_QUOTES, "utf-8");
}
//Your Code
$sql_query = "SELECT MemberID FROM Members WHERE Username = '$Username';";
$result1 = $db->query($sql_query) or die ("error querying database");
if ($result1->num_rows > 0) {
$row = $result1->fetch_assoc();
$mID = $row['MemberID'];
} // assigning mID as MemberID
// Check if click del button (this runs before the SELECT below, so the deleted row is not displayed again)
if (isset($_GET['del']) && is_numeric($_GET['del']))
{
$del = $_GET['del'];
$sql_delete = "DELETE FROM Sales WHERE SalesID = '$del'";
$result3 = $db->query($sql_delete) or die ("Error Querying Database 3");
}
$sql = "SELECT * FROM Sales WHERE Members_ID = '$mID' "; // Getting Members_ID in Sales Table
$result = $db->query($sql) or die ("Error Querying Database");
$sql_getSalesID = "SELECT SalesID FROM Sales WHERE Members_ID ='$mID'"; // Getting SalesID
$result2 = $db->query($sql_getSalesID) or die ("Error Querying Database 2");
if ($result2->num_rows > 0 ) {
$row = $result2->fetch_assoc();
$SalesID = $row['SalesID'];
}
echo "<table>";
echo "<tr> <th> User </th> <th> Item </th> <th> Purchase Date </th> <th> Delete Option </th> </tr>";
while($row = $result->fetch_assoc()){ ?>
<tr><td><?= htmlspecialchars($row['Members_ID'], ENT_QUOTES, "utf-8"); ?></td>
<td><?= htmlspecialchars($row['Items_ID'], ENT_QUOTES, "utf-8"); ?></td> <td><?= htmlspecialchars($row['PurchaseDate'], ENT_QUOTES, "utf-8"); ?></td>
<td><a href="?del=<?= (int)$row['SalesID']; ?>" class ='btn btn-danger'> Delete </a></td></tr>
<?php } // close the while loop inside PHP, otherwise the brace is printed as text and the script ends with an unclosed block
echo "</table>";
?>
</form>
</body>
</html>
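The question asks how to get the SalesID of a clicked row into the DELETE query, and the answer wires it up through a GET link plus request-wide escaping. The following is an added example written for this page, not code from the question or the answer, that does the same job with a per-row POST form carrying the SalesID in a hidden field. Beyond what the code above shows it also binds every value with prepared statements instead of escaping, ties the DELETE to the logged-in member with `AND Members_ID = ?` so a user cannot remove another member's sale by editing the id, checks a session CSRF token so the delete cannot be triggered by a link or image on another site, and redirects after the delete so a page refresh does not repeat it. It assumes the same tables and columns as the question (Members.MemberID, Members.Username, Sales.SalesID, Sales.Members_ID, Sales.Items_ID, Sales.PurchaseDate), the same connection parameters, a login page elsewhere that sets `$_SESSION['Username']`, and the mysqlnd driver, which `get_result()` and `fetch_all()` require.

```php
<?php
// Added example (not from the question or the answer). Assumes the schema,
// credentials and $_SESSION['Username'] described in the lead-in.
session_start();

if (!isset($_SESSION['Username'])) {
    http_response_code(403);
    exit('Not logged in');
}
$Username = $_SESSION['Username'];

$db = new mysqli('localhost', 'testuser', 'password', 'Project');
if ($db->connect_error) {
    exit('Could not connect');
}
$db->set_charset('utf8mb4');

// Resolve the logged-in member once; every later query is scoped to this id.
$stmt = $db->prepare('SELECT MemberID FROM Members WHERE Username = ?');
$stmt->bind_param('s', $Username);
$stmt->execute();
$member = $stmt->get_result()->fetch_assoc();
$stmt->close();
if ($member === null) {
    exit('Unknown member');
}
$mID = (int) $member['MemberID'];

// Per-session CSRF token: the form carries it, the handler checks it.
if (empty($_SESSION['csrf'])) {
    $_SESSION['csrf'] = bin2hex(random_bytes(32));
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['SalesID'])) {
    if (!hash_equals($_SESSION['csrf'], (string) ($_POST['csrf'] ?? ''))) {
        http_response_code(403);
        exit('Bad CSRF token');
    }
    // Validate as an integer and bind it; the WHERE clause also checks
    // ownership, so a tampered SalesID of another member deletes nothing.
    $salesId = filter_var($_POST['SalesID'], FILTER_VALIDATE_INT);
    if ($salesId !== false) {
        $stmt = $db->prepare('DELETE FROM Sales WHERE SalesID = ? AND Members_ID = ?');
        $stmt->bind_param('ii', $salesId, $mID);
        $stmt->execute();
        // affected_rows is 0 when the sale is not this member's or is already gone
        $_SESSION['flash'] = $stmt->affected_rows === 1 ? 'Sale deleted' : 'Nothing deleted';
        $stmt->close();
    }
    // Post/Redirect/Get: a browser refresh re-runs the GET, not the DELETE.
    header('Location: ' . $_SERVER['REQUEST_URI']);
    exit;
}

// Read the rows after any delete has been handled so the table is current.
$stmt = $db->prepare('SELECT SalesID, Members_ID, Items_ID, PurchaseDate FROM Sales WHERE Members_ID = ?');
$stmt->bind_param('i', $mID);
$stmt->execute();
$sales = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
$stmt->close();
$db->close();

$flash = $_SESSION['flash'] ?? '';
unset($_SESSION['flash']);

// Output encoding for every DB value or session value that lands in HTML.
function h($s) { return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8'); }
?>
<!DOCTYPE html>
<html>
<head><title>Delete Transaction</title></head>
<body>
<h2>USER <?= h($Username) ?> LOGGED IN</h2>
<?php if ($flash !== ''): ?><p><?= h($flash) ?></p><?php endif; ?>
<table>
<tr><th>User</th><th>Item</th><th>Purchase Date</th><th>Delete Option</th></tr>
<?php foreach ($sales as $row): ?>
<tr>
<td><?= h($row['Members_ID']) ?></td>
<td><?= h($row['Items_ID']) ?></td>
<td><?= h($row['PurchaseDate']) ?></td>
<td>
<!-- One form per row: the hidden SalesID is what the handler above reads -->
<form action="" method="post">
<input type="hidden" name="csrf" value="<?= h($_SESSION['csrf']) ?>">
<input type="hidden" name="SalesID" value="<?= (int) $row['SalesID'] ?>">
<button type="submit">Delete</button>
</form>
</td>
</tr>
<?php endforeach; ?>
</table>
</body>
</html>
```

The hidden field replaces the `value` attribute the question was trying to use: a submit button's own `value` is sent only under the button's `name`, so reading `$_POST['SalesID']` while the button is named `deleteTrans` finds nothing, whereas a hidden input named `SalesID` is always submitted with its form. Keeping one form per row also means the handler never has to guess which row a click belonged to.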