[英]i want to Delete where id=$POST['id'] in php mysql
My code for delete entry is this but its not doing anything 我的删除条目代码是这样,但是它什么也没做
HTML 的HTML
<form id="form3" name="form3" method="post" onsubmit="return validateForm();" action="">
Id <input type="text" class="txt" name="id" /><br />
<input type="submit" id="delete" value="delete"/>
</form>
PHP 的PHP
global $wpdb;
if ( isset ( $_POST['id'] ) && ! empty ( $_POST['id'] ))
{
$wpdb->query("DELETE " . PRO_TABLE_PREFIX . "tutorial WHERE id='{$_POST['id']}'");
}
那就是我通常的做法:
$wpdb->query("DELETE " . PRO_TABLE_PREFIX . "tutorial WHERE id='".$_POST['id']."')
In oder to avoid confusion like this, I always use sprintf()
where I need to concatenate strings 为了避免这样的混乱,我总是在需要连接字符串的地方使用
sprintf()
Change: 更改:
global $wpdb;
if ( isset ( $_POST['id'] ) && ! empty ( $_POST['id'] )) {
$wpdb->query("DELETE " . PRO_TABLE_PREFIX . "tutorial WHERE id='{$_POST['id']}'");
}
to: 至:
global $wpdb;
if ( isset ( $_POST['id'] ) )) {
$wpdb->query(sprintf("DELETE %stutorial WHERE id='%s'", PRO_TABLE_PREFIX, $_POST['id']));
}
A couple of things to note: 需要注意的几件事:
1) You're vulnerable to SQL injection 1)您容易受到SQL注入的攻击
2) Once you've used isset()
to determine if the key of $_POST['id']
actually isn't NULL
, you don't need to check if its empty via empty()
2)一旦使用
isset()
确定$_POST['id']
的键是否实际上不是NULL
,就不需要通过empty()
检查其是否为空
Update 更新资料
You should really test $_POST['id']
if its valid. 您应该真正测试
$_POST['id']
是否有效。 I'd suggest you to implement a function, like, is_id_valid()
我建议您实现一个函数,例如
is_id_valid()
function is_id_valid(&$id){ //<-- IMPORTANT, Argument should be a reference
if ( ! isset($id) ){
return false;
}
if ( empty($id) ){
return false;
}
// add this if you expect $id to be a numeric value
// otherwise just ignore - do not add
if ( ! is_numeric($id) ){
return false;
}
//it's also a good to validate the length
if ( strlen($id) > ... && strlen($id) < ... ){
return false;
}
//seems like all tests passed
return true;
}
Then you would use it, like 然后,您将使用它,例如
if ( is_id_valid($_POST['id']) !== false ){
....
}
Warning: It's still vulnerably to SQL injection 警告:仍然容易受到SQL注入的攻击
Remove single quote around post['id']
: 删除
post['id']
周围post['id']
单引号:
$wpdb->query("DELETE " . PRO_TABLE_PREFIX . "tutorial WHERE id={$_POST['id']}")
OR 要么
echo $query = "DELETE " . PRO_TABLE_PREFIX . " tutorial WHERE id =".mysql_real_escape_string($_POST['id']);
$wbpd->query($query);
$wpdb->query("DELETE FROM " . PRO_TABLE_PREFIX . "tutorial WHERE id='{$_POST['id']}'");
PS: Go overthere and accept one answer who helped you most. PS:仔细检查并接受对您最有帮助的答案。 And here too!
还有这里! :P
:P
Try following code:- 尝试以下代码:-
global $wpdb;
if ( isset ( $_POST['id'] ) && ! empty ( $_POST['id'] ))
{
$wpdb->query("DELETE FROM " . PRO_TABLE_PREFIX . "tutorial WHERE id=".$_POST['id']);
}
give some action path to the form
html html
<form id="form3" name="form3" method="post" onsubmit="return validateForm();" action="give some actions">
Id <input type="text" class="txt" name="id" /><br />
<input type="submit" id="delete" value="delete"/>
php 的PHP
global $wpdb;
if ( isset ( $_POST['id'] ) && ! empty ( $_POST['id'] ))
{
$id=stripslashes_deep($_POST['id']);
$wpdb->query("DELETE FROM " . PRO_TABLE_PREFIX . "tutorial WHERE id=$id");
}
Since you are checking for id in WHERE clause, you need not wrap it in quotes, and you are missing FROM in your delete statement, so standard way would be: And do some filtering of POST data before inserting into database , like doing: 由于您正在检查WHERE子句中的id,因此无需将其包装在引号中,并且在delete语句中缺少FROM,因此标准方法是:在插入数据库之前对POST数据进行一些过滤,例如:
$id = (int) $_POST['id'];
if( $id > 0 ) {
$wpdb->query("DELETE FROM " . PRO_TABLE_PREFIX . "tutorial WHERE id=".$_POST['id']);
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.