我有下面的代码链接到一个名为deletepage.php的页面,该页面位于我目录中的FTP中。它在数据库查询的末尾添加了变量,该位有效并且可以正确打开页面:
<a href=\"http://themacsplash.com/ClipBoy/deletepage.php?plink=$link&user=$username\">X</a>
但是现在我有这个代码在MySQL数据库中对它进行查询,但它实际上并没有删除它应该删除它:
$con = mysql_connect("localhost", "will", "blahblah");
if (!$con) {
die('Could not connect: '.mysql_error()); //check for database errors
}
$username = $_GET['user'];
mysql_select_db("themacsp_clipboy", $con);
$sql = ("DELETE * FROM links WHERE link = ".(int)$_GET['plink'] AND username='$username');
mysql_query($sql);
header("location: http://themacsplash.com/userfiles/$username");
?>
我收到错误:
解析错误:语法错误,第10行&gt; /data/www/vhosts/themacsplash.com/httpdocs/ClipBoy/deletepage.php中的意外'='
第10行是$ sql行($sql = ("DELETE * FROM links WHERE link = ".(int)$_GET['plink'] AND username='$username');)
我该如何解决这个问题?
答案 0 :(得分:2)
你再次错过了一些报价。
你可能应该一步一步地做,因为它不那么令人困惑:
$plink = (int)$_GET['plink'];
$sql = "DELETE FROM links WHERE link=$plink AND username='$username'";
答案 1 :(得分:1)
行应
$sql = ("DELETE * FROM links WHERE link = ".(int)$_GET['plink'] . "AND username='$username'");
此外,您应该使用mysql_real_escape_string()清理这些$ _GET字符串,以帮助避免SQL注入攻击。
答案 2 :(得分:0)
$sql = "DELETE * FROM links WHERE link = ".(int)$_GET['plink']." AND username='".$username."';";
您以错误的方式连接字符串和变量。这样做。
答案 3 :(得分:0)
我认为它就在这一行
<?php
//replace
//$sql = ("DELETE * FROM links WHERE link = ".(int)$_GET['plink'] AND username='$username');
//with
$sql = "DELETE * FROM links WHERE link = ".(int)$_GET['plink']. "AND username='".$username."'";
?>