在SQL中删除类型为varchar的行的问题
[英]Issue deleting rows in SQL of type varchar
问题描述
I am trying to create a form that will delete a row in a table based on the attribute a user selects from a drop down list of options. 
我正在尝试创建一种表单,该表单将根据用户从选项下拉列表中选择的属性删除表中的行。 For some reason the first option, (attemptid) which is an int, works, but the other three (which are varchar) do not. 由于某种原因,第一个选项(attemptid)是一个int起作用,而其他三个选项(varchar)则不起作用。 The error handling I have set up to debug the script is returning 1 or true , but the row in question is not deleted. 我为调试脚本而设置的错误处理返回1或true ,但相关行未删除。
HELP! 救命! I have tried everything but am only just learning PHP so imagine I am missing something quite simple. 我已经尝试了所有方法,但只是学习PHP,所以想像一下我缺少了一些简单的方法。
require_once("settings.php");
$conn = @mysqli_connect($host, $user, $pass, $db);
if ($conn) {
?>
<form method="post" action="delete_attempts.php" name="delete_attempts" id="delete_attempts" >
<label for="deleteby">
<p>Select an option to delete results by:</p>
</label>
<select name="deleteby">
<option value="attemptid">Attempt ID</option>
<option value="firstname">First Name</option>
<option value="lastname">Last Name</option>
<option value="studentid">Student ID</option>
</select>
<p></p>
<input type="text" name="delvalue" placeholder="Value">
<div>
<input type="submit" value="Delete Record" id="submit" />
</div>
</form>
<?php
if (isset($_POST["delvalue"])) {
// get value from form
$delValue = trim($_POST["delvalue"]);
echo $delValue;
// queries to delete record
$queryAttemptId = "DELETE FROM quizattempts WHERE attemptid = '$delValue'";
$queryFirstName = "DELETE FROM quizattempts WHERE firstname = '$delValue'";
$queryLastName = "DELETE FROM quizattempts WHERE lastname = '$delValue'";
$queryStudentId = "DELETE FROM quizattempts WHERE studentid = '$delValue'";
//select which value to search for
if ($_POST["deleteby"] = "attemptid") {
// pass query to database
$result = mysqli_query($conn, $queryAttemptId);
} // end delete attemptid
else if ($_POST["deleteby"] = "firstname") {
// pass query to database
$result = mysqli_query($conn, $queryFirstName);
} // end delete firstname
else if ($_POST["deleteby"] = "lastname") {
// pass query to database
$result = mysqli_query($conn, $queryLastName);
} // end delete lastname
else if ($_POST["deleteby"] = "studentid") {
// pass query to database
$result = mysqli_query($conn, $queryStudentId);
} // end delete student id
echo "this is the result $result";
// if query is successful are found
if ($result) {
echo "<p>Delete operation successful</p>";
} // end if result found
else {
// if no record is found in DB
echo "<p>No records found</p>";
} // end if no result found
} //isset($_POST["attemptid"])
} //$conn
?>
1 个解决方案
解决方案1
1 已采纳 2013-11-05 02:40:02
if ($_POST["deleteby"] = "attemptid") {
That should be == . 那应该是== 。 Your code as written will assign "attemptid" to $_POST["deleteby"] and then return the same value... which is always true. 您编写的代码将为$_POST["deleteby"]分配"attemptid" ,然后返回相同的值...始终为true。 So your other else if s are never even checked. 因此,即使没有检查您的其他else if 。
Also, your code as written is vulnerable to SQL injection . 另外,您编写的代码很容易受到SQL注入的攻击 。 You're already using mysqli; 您已经在使用mysqli。 you should strongly consider using prepared statements . 您应该强烈考虑使用准备好的语句 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.