[英]Mysql delete query won't work on lamp stack
I am doing a project work on php. 我正在用php做项目工作。 During my work every single query work smoothly. 在我的工作期间,每个查询都可以顺利进行。 But when I want to delete any object using it won't delete ... 但是当我想使用它删除任何对象时,都不会删除...
Here's my php code 这是我的PHP代码
<?php
//delete item
if(isset($_GET['deletecat'])){
$id_to_delete = $_GET['deletecat'];
$sql = mysql_query("DELETE FROM `category` WHERE `Category_id`=$id_to_delete LIMIT 1") or die('Error: Could not delete.');
}
else{
header('location: category.php');
exit();
}
?>
and after that I only get the error message. 之后,我只会收到错误消息。 GET value is OK. GET值确定。 And on my phpmyadmin this SQL running OK. 在我的phpmyadmin上,此SQL运行正常。 But there's a pop up message appear when I want to delete any object. 但是,当我要删除任何对象时,会出现一条弹出消息。 what can I do now? 我现在能做什么?
You should escape the GET variable first to avoid any SQl injection attacks as already said by deceze. 您应该先转义GET变量,以避免任何由deceze所说的SQl注入攻击。 Then, you should understand that the message given by phpmyadmin is a confirmation if you need to execute the delete query. 然后,您应该了解,如果需要执行删除查询,则phpmyadmin给出的消息是一个确认。 you can use mysql_real_escape_string($value)
to escape but as php vendor says, this function will be removed very soon and is currently deprecated. 您可以使用mysql_real_escape_string($value)
进行转义,但正如php供应商所说,此函数将很快删除,目前已弃用。 bye.. 再见
there's a few layers where you could be having issues: with the db connection, the query, or the data which you are sending. 有几层可能会出现问题:数据库连接,查询或要发送的数据。
also, you are not filtering for " and ' marks so you could be in trouble there, and you're not ensuring that your id is a number so your sql could also be failing there. 另外,您没有在过滤“和”标记,因此您可能在这里遇到麻烦,并且不能确保id是数字,因此sql也可能在那里失败。
but, you can figure that out with a few adjustments to your code.... you can insert some diagnostics into your code to see what mysql is reporting the error as and get a better idea of how to fix it. 但是,您可以通过对代码进行一些调整来解决这个问题。
note that it is [generally recommended][1] to use mysqli extension instead of mysql extension, but irregardless, here's sample code with the extension you are currently using 请注意,[通常建议] [1]使用mysqli扩展名而不是mysql扩展名,但是无论如何,这是您当前正在使用的扩展名的示例代码
hope this helps! 希望这可以帮助!
<?php
if ( isset($_GET['deletecat'])) {
#dbh -> database resource.
$dbh = mysql_connect()
#mysql_connect returns false if it fails. capture error and echo to output.
if (!$dbh) {
die("Could not connect to database server: ".mysql_error()."\n");
#if using mysqli use mysql_connect_error() instead
}
#never trust input. use an escape function.
$id_to_delete = mysql_real_escape_string($_GET['deletecat'],$dbh);
#force $id_to_delete to be treated as a number, or make it safer in your sql.
#i used the latter method below.
$sql = "DELETE FROM `category` WHERE `Category_id` = '$id_to_delete' LIMIT 1");
#mysql_query returns false on failure
$result = mysql_query($sql,$dbh);
#on failure catch the error and display the exact contents of 'deletecat' in a web-friendly way.
if (!$result) {
$error=mysql_error($dbh);
die ("Error: Could not delete '"
.htmlentities(print_r($_GET['deletecat'],true)).". Error: $error\n"
);
}
#if we did not trigger die() above we are ok.
header('location: category.php');
exit();
}
?>
: :
[1]: see warning at http://php.net/manual/en/function.mysql-connect.php [1]:请参阅http://php.net/manual/en/function.mysql-connect.php上的警告
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.