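I am trying to modify this script so that it does not return every result in the database, but only a small group.
However, when I use POST to get the search term that was passed in, I break the ability to delete records.
I can use a query without a variable, or a query where the variable is set beforehand, but not one that uses the POST command.
e.g.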
$sql="SELECT * FROM $table WHERE name='bob'"; //deleting items works after this query
$name='bobo';
$sql="SELECT * FROM $table WHERE name='$name'"; //deleting items works after this query
$name=mysql_real_escape_string($_POST['searchterm']);
$sql="SELECT * FROM $table WHERE name='$name'"; //deleting items fails after this query
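I have tried to look at what the result set returns, but I can't seem to capture any output from the query.
I am not sure why using the POST command breaks the query.
Here is my modified code: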
<?php
$host="localhost";
$username="foo";
$password="bar";
$db_name="Alerts";
$tbl_name="SearchTermsAndContactAddress";
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$address=mysql_real_escape_string($_POST['SearchAddress']);
$sql=sprintf( "SELECT * FROM $tbl_name WHERE contactaddress = '007@gmail.com' ORDER BY searchterms ASC"); //the delete does work
$sql=sprintf( "SELECT * FROM $tbl_name WHERE contactaddress = '$address' ORDER BY searchterms ASC"); //delete doesn't work
$sql=sprintf( "SELECT * FROM $tbl_name WHERE contactaddress = '%s' ORDER BY searchterms DESC", mysql_real_escape_string($_POST['SearchAddress']) ); //this doesn't work either
$sql=sprintf( "SELECT * FROM $tbl_name WHERE contactaddress = '$_POST[SearchAddress]' ORDER BY searchterms DESC" ); // it doesn't work with this query
#$sql=sprintf( "SELECT * FROM $tbl_name ORDER BY searchterms DESC" ); //it does work with this query
echo $sql;
$result=mysql_query($sql);
$count=mysql_num_rows($result);
?>
<table width="400" border="0" cellspacing="1" cellpadding="0">
<tr>
<td><form name="form1" method="post" action="">
<table width="400" border="0" cellpadding="3" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<td bgcolor="#FFFFFF"> </td>
<td colspan="4" bgcolor="#FFFFFF"><strong>Delete multiple rows in mysql</strong> </td>
</tr>
<tr>
<td align="center" bgcolor="#FFFFFF">#</td>
<td align="center" bgcolor="#FFFFFF"><strong>Id</strong></td>
<td align="center" bgcolor="#FFFFFF"><strong>Search Term</strong></td>
<td align="center" bgcolor="#FFFFFF"><strong>Address</strong></td>
<td align="center" bgcolor="#FFFFFF"><strong>Attach Image</strong></td>
</tr>
<?php
while($rows=mysql_fetch_array($result)){
?>
<tr>
<td align="center" bgcolor="#FFFFFF"><input name="checkbox[]" type="checkbox" id="checkbox[]" value="<? echo $rows['prim_key']; ?>"></td>
<td bgcolor="#FFFFFF"><? echo $rows['prim_key']; ?></td>
<td bgcolor="#FFFFFF"><? echo $rows['searchterms']; ?></td>
<td bgcolor="#FFFFFF"><? echo $rows['contactaddress']; ?></td>
<td bgcolor="#FFFFFF"><? echo $rows['ImageAttachment']; ?></td>
</tr>
<?php
}
?>
<tr>
<td colspan="5" align="center" bgcolor="#FFFFFF"><input name="delete" type="submit" id="delete" value="Delete"></td>
</tr>
<?
//try closing and starting a new connection
/*
mysql_close();
mysql_connect("$host", "$username", "$password") or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB"); // yeah this didn't work
*/
// Check whether delete button active, start this
if ($delete) {
for ($i=0;$i<$count;$i++) {
$del_id = $checkbox[$i];
$sql = "DELETE FROM $tbl_name WHERE prim_key='$del_id'";
// $sql = "DELETE FROM $tbl_name WHERE id='10'"; //using a static query didn't solve the problem.
$result = mysql_query($sql);
}
// if successful redirect to delete_multiple.php
if ($result) {
echo $result; // this will return "Resource id #2" when it fails or it will return the # of affected rows when it succeeds
// while($row = mysql_fetch_assoc($result)) {
while ($row = mysql_fetch_array($result)) {
echo $row['num'];
echo "damn"; //this isn't being printed
}
echo "<meta http-equiv=\"refresh\" content=\"4;URL=delete_multiple3.php\">";
}
}
mysql_close();
?>
</table>
</form>
</td>
</tr>
</table>
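I am very new to PHP and have some knowledge of MySQL.
Answer 0: (score: 0)
Why are you using sprintf without supplying any arguments (so you are not really doing anything with sprintf)?
Below: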
$sql = 'SELECT * FROM `'.$tbl_name.'` WHERE contactaddress = \''.mysql_real_escape_string($_POST['SearchAddress']).'\' ORDER BY searchterms ASC';
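You should really look into Mysqli or PDO, because the ext/mysql library is deprecated.
Note: yes, I took the variable parsing out of the string because I, personally, hate it.
Edit: I did not read your code thoroughly enough. Where are you setting $delete? You aren't using register_globals, are you...? Edit edit: What are you trying to do in this code? You are throwing variables around like crazy, thinking they are things they aren't and vice versa. Can you explain what you intend this code to do?
Final edit:
I understand why the code is not working. When you first submit to the page, you send the $_POST['SearchAddress'] variable, so the first query executes correctly. However, when you submit the fields to delete (from the HTML printed by the first SELECT query), you POST to the exact same page. This leaves $_POST['SearchAddress'] empty and populates other $_POST variables. Because the first SELECT query fails the second time (it returns 0 rows), $count = 0, which means none of the DELETE statements execute. You have to either separate the code, or add: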
<input type="hidden" name="SearchAddress" value="<?php echo htmlspecialchars($_POST['SearchAddress'], ENT_QUOTES); ?>" />
to the HTML (inside the form).
You are also relying on register globals, which is a bad idea. An example can be found here: http://php.net/manual/en/security.globals.php
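The two-step flow described in this answer, as an added example that is not part of the original answer or the asker's script: the request is read explicitly, the search term is carried in an encoded hidden field, and both queries use PDO bound parameters. It assumes PHP 7.4+ with pdo_sqlite; handleRequest() is a hypothetical helper, the rows are constructed, and an in-memory SQLite database stands in for MySQL.

```php
<?php
// Added example. Sample rows are constructed; SQLite in memory stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE SearchTermsAndContactAddress (
    prim_key INTEGER PRIMARY KEY, searchterms TEXT, contactaddress TEXT)');
$pdo->exec("INSERT INTO SearchTermsAndContactAddress (searchterms, contactaddress)
    VALUES ('alpha', 'a@example.com'), ('beta', 'a@example.com'), ('gamma', 'b@example.com')");

// handleRequest() is a hypothetical helper; $post plays the role of $_POST.
function handleRequest(PDO $pdo, array $post): string
{
    // Read request fields explicitly instead of relying on register_globals.
    $address = is_string($post['SearchAddress'] ?? null) ? $post['SearchAddress'] : '';
    $ids = is_array($post['checkbox'] ?? null) ? $post['checkbox'] : [];
    if (isset($post['delete'])) {
        // Loop over the submitted ids, not over the SELECT's row count.
        // Matching on the address keeps the delete within the displayed list;
        // it is a consistency check, not an access control.
        $del = $pdo->prepare('DELETE FROM SearchTermsAndContactAddress
            WHERE prim_key = ? AND contactaddress = ?');
        foreach ($ids as $id) {
            if (is_string($id) && ctype_digit($id)) {
                $del->execute([$id, $address]);
            }
        }
    }
    $sel = $pdo->prepare('SELECT prim_key, searchterms FROM SearchTermsAndContactAddress
        WHERE contactaddress = ? ORDER BY searchterms ASC');
    $sel->execute([$address]);
    $e = fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
    // The hidden field carries the search term into the delete POST.
    $html = '<form method="post"><input type="hidden" name="SearchAddress" value="'
        . $e($address) . '">';
    foreach ($sel as $row) {
        $html .= '<input type="checkbox" name="checkbox[]" value="'
            . $e($row['prim_key']) . '"> ' . $e($row['searchterms']) . ' ';
    }
    return $html . '<input type="submit" name="delete" value="Delete"></form>';
}

// Constructed requests: a search, then a delete of row 1 from that list.
echo handleRequest($pdo, ['SearchAddress' => 'a@example.com']), "\n";
echo handleRequest($pdo, ['SearchAddress' => 'a@example.com',
    'delete' => 'Delete', 'checkbox' => ['1']]), "\n";
```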
Answer 1: (score: 0)
$sql=sprintf( "SELECT * FROM $tbl_name WHERE contactaddress = '%s' ORDER BY searchterms DESC", mysql_real_escape_string($_POST['SearchAddress']) );
Assuming you have it in $_POST['SearchAddress']
print_r($_POST);
Run it and see whether the values you expect are there, then start on the broader issues that @Chris touched on.