【发布时间】:2020-01-15 17:10:23
【问题描述】:
我有一个删除按钮,单击该按钮会提示用户进行确认。它表明它正在工作,但是当我检查数据库时,数据仍然存在。 如何让我的删除按钮从数据库中删除数据?
<?php
// build query
$sql= "SELECT blogID, title, made_by, description FROM blogs";
// execute query
$res=$mysqli->query($sql);
// get multiple results
while($row = $res->fetch_assoc()){
$blogID=$row['blogID'];
$title=$row['title'];
$made_by=$row['made_by'];
$description=$row['description'];
?>
<form action = "post_action.php" method="POST">
<div style="text-align:left">
<div class="row">
<div class="leftcolumn">
<div class="card">
<td><?php print($title);?></td><br>
<td> <?php print($description);?> </td> <br>
<td><?php print($made_by);?> </td><br>
<?//Create edit, comment and delete buttons for each blog?>
<button onclick="window.location.href = 'edit_blog.php';">Edit Blog </button>
<input type = "hidden" name="blogID" value= "<?php print($blogID);?>" >
<input type="submit" name="action" value="Insert Comment"/>
<input type="submit" onclick="deleteme(<?php echo $row['blogID']; ?>);" name="action" value="Remove Blog"/>
<? //Javascript code?>
<script language="javascript"> //inserts javascript code
function deleteme(delid)
{
if(confirm("You're about to delete this blog. Click OK to continue or click cancel.")){ //opens an alert window asking the user if they're they want ot remove the blog
window.location.href='post_action.php?del_id=' +delid+''; //If they click OK then it'll run the delete function on post_action.php
return true;
}
}
</script> <?//ends javascript code ?>
</form>
</div>
这是 post_action.php
<?php
include("_config.php");
debug($_POST);
if($_POST['action'] == "Remove Blog"){
$query = "DELETE FROM blogs WHERE blogID={$_POST['blogID']} LIMIT 1";
header ("Location: blog_test.php");
}
?>
【问题讨论】:
-
您将 GET 参数作为 URL 的一部分发送,但尝试在后端读取 POST 参数。
-
顺便说一句,使用GET来修改服务器上的状态是非常危险的。任何人都可以将脚本指向端点并枚举所有将删除它们的 ID。它甚至可能不是恶意的 - 网络爬虫可能会尝试自动为这些页面编制索引,而您最终会得到一个空表。
-
您没有执行 DELETE 查询。
-
尝试使用准备好的语句w3schools.com/php/php_mysql_prepared_statements.asp 我发现这比 php 文档更有用
标签: javascript php jquery html sql