堆栈内存溢出
  简体   繁体   English

从MySQL删除ID

[英]Delete id from MySQL

 原文  2015-05-29 08:52:45       php/ mysql

问题描述

In MySQL I have a several users, when I want to delete an user I use the following code: 在MySQL中,我有几个用户,当我想删除一个用户时,我使用以下代码: 

<td><b><a href='.?control=directeur&action=verwijderGebruiker&id=".$leerling->getId()."'><img src='img/delete.png' /></a></b></td>

In my controller: 在我的控制器中: 

 private function verwijderAction()
 {
       $this->model->verwijderGebruiker();
       $this->forward('default','directeur');
 }

And in my model: 在我的模型中: 

 public function verwijderGebruiker()
 {
   $id = filter_var($_REQUEST['id'], FILTER_VALIDATE_INT);

   if($id!=false)
   {
     $sql = 'DELETE FROM `contacten` WHERE `id`=:id';
     $stmnt = $this->db->prepare($sql); // bereid de query voor
     $stmnt->bindParam(':id',$id); // bindParam = verbindt de parameter: ":<parameter>" met de "<variable>".
     $stmnt->execute(); // voert de query uit
   } 
}

When I want to delete an ID it says the right thing in the URL (action=verwijderGebruiker&id=5) but it doesn't delete it, instead it goes back to the home page. 当我想删除一个ID时,它会在URL中说正确的话(action=verwijderGebruiker&id=5)但不会删除它,而是返回到主页。

2 个解决方案

解决方案1
 0  2015-05-29 08:57:48

your id never gets inside your method. 您的id永远不会进入您的方法。 you have to hand it over to your function as a parameter: 您必须将其作为参数移交给您的函数: 

public function verwijderGebruiker($id)
{
   $id = filter_var($id, FILTER_VALIDATE_INT);
   // ....
}

//call it outside your class with your request-variable:
$my_class = new MyClass();
$my_class->verwijderGebruiker($_REQUEST['id']);

解决方案2
 0  2015-05-29 09:38:32

Although you should check the value in $id before testing if it != false there are more fundamental issues: changing database values based on parameters you get from a URL could allow someone to keep trying different values on the url, and thereby change database values. 尽管您应该在测试$ id是否等于!= false之前检查$ id中的值,但是还有一些更根本的问题:根据您从URL获得的参数更改数据库值可能会使某人继续尝试使用该URL上的其他值,从而更改数据库值。

You may be removing records silently, or you may be doing nothing, depending on the value plugged into your URL by $leerling->getId() 您可能会默默地删除记录,或者您可能什么都不做,具体取决于$ leerling-> getId()插入URL的值

I think $id probably has no value in it. 我认为$ id可能没有任何价值。 The test is probably silently failing to say anything as it evaluates to false and no DB update can follow. 该测试可能无声无息,因为它的评估结果为false,并且没有数据库更新可以跟随。

More importantly: the $id must be sent in a POST, not a GET request. 更重要的是:$ id必须在POST中发送,而不是在GET请求中发送。

See: http://www.wikiwand.com/en/Hypertext_Transfer_Protocol#/Request_methods 请参阅: http : //www.wikiwand.com/zh_CN/Hypertext_Transfer_Protocol#/Request_methods

using GET should only retrieve data and should have no other effect. 使用GET应该只检索数据,并且没有其他效果。

Otherwise the URL can be sent with lots of sequential IDs and records changed in your database, nightmare security fail! 否则,可以使用许多顺序ID发送URL,并在数据库中更改记录,噩梦安全性会失败!

Additionally, your test not only needs to ensure $id has a value, but that it is a DB record that can be deleted and to return a result, catching any faults. 此外,您的测试不仅需要确保$ id具有值,而且它是可以删除并返回结果(捕获任何错误)的数据库记录。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Php Mysql使用Id从2个表中删除 - Php Mysql DELETE From 2 Tables Using Id 使用mysql从列中删除特定ID - Delete Particular Id From Column using mysql PHP MySQL“从`table` WHERE`id` = |未知列`id`中删除 - PHP MySQL "DELETE FROM `table` WHERE `id` = | unknown column `id` 如何从具有给定ID的MySQL中删除记录 - How to delete a record from mysql which are having the given id 如何使用查询从 MySQL 数据库中删除 id - how to delete id from MySQL Database using query 获取 controller 中的删除 id 以删除 mysql 记录 - Get delete id in controller to delete mysql record 从数据库删除ID - Delete ID From DB 在MYSQL / PHP中,如何从ID 1删除并将数据插入ID 5 - In MYSQL/PHP how would I delete from ID 1 and insert data to ID 5 从MYSQL表删除 - Delete from MYSQL Table 从MySQL删除行 - Delete Row From MySQL
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM