I'm connected to localhost and am trying to use the GET method on the $ line. I get a notice in C:\xampp\htdocs\webd153\delete.php on line 4: Undefined index: deleteid.
<?php
include 'connection.php';
$deleteid = $_GET['deleteid'];
if (isset($deleteid)) {
    $deletesql = $dbh->prepare("DELETE FROM users WHERE id = '$deleteid'");
    $deletesql->execute();
    echo "record has been deleted!<br>";
}
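I'm trying to delete names that were entered into the database through a form that connects from localhost to the phpMyAdmin database.
Answer 0: (score: 0)
The correct way is: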
<?php
include 'connection.php';
if (isset($_GET['deleteid'])) {
    $deleteid = $_GET['deleteid'];
    $deletesql = $dbh->prepare("DELETE FROM users WHERE id = '$deleteid'");
    $deletesql->execute();
    echo "record has been deleted!<br>";
}
But this is very insecure! When I send a request with the URL ?deleteid=1'+OR+1=1+OR+id=' your database will be deleted. I suggest changing the query construction to:
$deletesql = $dbh->prepare("DELETE FROM users WHERE id = (?)");
$deletesql->bind_param('i', $deleteid);
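
The difference between the two query styles in the answer, as an added example that is not code from the question or the answer. Assumptions: `connection.php` is not shown on the page, so a PDO connection to an in-memory SQLite table with constructed rows stands in for it, and the helper names (`seed`, `remaining`, `deleteInterpolated`, `deleteBound`) are hypothetical. `bind_param` in the answer is the mysqli method; with PDO the equivalent call is `bindValue`, used here.

```php
<?php
// Added example. Constructed data; in-memory SQLite stands in for connection.php.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// Hypothetical helper: reset the table to three constructed rows.
function seed(PDO $dbh): void {
    $dbh->exec('DELETE FROM users WHERE id > 0');
    $dbh->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");
}

// Hypothetical helper: number of rows still in the table.
function remaining(PDO $dbh): int {
    return (int) $dbh->query('SELECT COUNT(*) FROM users')->fetchColumn();
}

// Before: the request value becomes part of the SQL text.
function deleteInterpolated(PDO $dbh, string $deleteid): void {
    $stmt = $dbh->prepare("DELETE FROM users WHERE id = '$deleteid'");
    $stmt->execute();
}

// After: reject anything that is not a positive integer, then bind it.
function deleteBound(PDO $dbh, string $deleteid): bool {
    $id = filter_var($deleteid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false; // malformed id: no query is run
    }
    $stmt = $dbh->prepare('DELETE FROM users WHERE id = ?');
    $stmt->bindValue(1, $id, PDO::PARAM_INT);
    $stmt->execute();
    return true;
}

// Second entry: the deleteid value from the answer's URL after decoding ('+' is a space).
$inputs = ['1', "1' OR 1=1 OR id='"];
foreach ($inputs as $input) {
    seed($dbh);
    deleteInterpolated($dbh, $input);
    $afterInterpolated = remaining($dbh);

    seed($dbh);
    $accepted = deleteBound($dbh, $input);
    printf("input=%s interpolated_left=%d bound_left=%d accepted=%s\n",
        var_export($input, true), $afterInterpolated, remaining($dbh),
        $accepted ? 'yes' : 'no');
}
```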