
I want to delete where id=$_POST['id'] in PHP/MySQL

My code for deleting an entry is this, but it's not doing anything.

HTML

<form id="form3" name="form3" method="post" onsubmit="return validateForm();" action="">
    Id <input type="text" class="txt" name="id" /><br />
    <input type="submit" id="delete" value="delete"/>
</form>

PHP

global $wpdb;

if ( isset ( $_POST['id'] ) && ! empty ( $_POST['id']  ))
{
    $wpdb->query("DELETE " . PRO_TABLE_PREFIX . "tutorial  WHERE id='{$_POST['id']}'");
}

That's how I usually do it:

$wpdb->query("DELETE FROM " . PRO_TABLE_PREFIX . "tutorial  WHERE id='" . $_POST['id'] . "'");

In order to avoid confusion like this, I always use sprintf() where I need to concatenate strings.

Change:

global $wpdb;
if ( isset ( $_POST['id'] ) && ! empty ( $_POST['id']  )) {
    $wpdb->query("DELETE " . PRO_TABLE_PREFIX . "tutorial  WHERE id='{$_POST['id']}'");
}

to:

global $wpdb;

if ( isset ( $_POST['id'] ) ) {

   $wpdb->query(sprintf("DELETE FROM %stutorial  WHERE id='%s'", PRO_TABLE_PREFIX, $_POST['id']));
}

A couple of things to note:

1) You're vulnerable to SQL injection
2) Once you've used isset() to determine that $_POST['id'] actually isn't NULL, you don't need to check whether it's empty via empty().

Update

You should really test whether $_POST['id'] is valid. I'd suggest you implement a function like is_id_valid():

function is_id_valid(&$id){ //<-- IMPORTANT, argument should be a reference

  if ( ! isset($id) ){
     return false;
  }

  if ( empty($id) ){
    return false;
  }

  // add this if you expect $id to be a numeric value
  // otherwise just ignore - do not add
  if ( ! is_numeric($id) ){
    return false;
  }

  // it's also good to validate the length:
  // reject anything shorter or longer than the allowed range
  if ( strlen($id) < ... || strlen($id) > ... ){
     return false;
  }

  //seems like all tests passed
  return true;
}

Then you would use it, like

if ( is_id_valid($_POST['id']) !== false ){
   ....
}

Warning: It's still vulnerable to SQL injection.

Remove the single quotes around $_POST['id']:

$wpdb->query("DELETE FROM " . PRO_TABLE_PREFIX . "tutorial  WHERE id={$_POST['id']}");

OR

echo $query = "DELETE FROM " . PRO_TABLE_PREFIX . "tutorial  WHERE id =" . mysql_real_escape_string($_POST['id']);
$wpdb->query($query);
$wpdb->query("DELETE FROM " . PRO_TABLE_PREFIX . "tutorial  WHERE id='{$_POST['id']}'");

PS: Go over there and accept the answer that helped you most. And here too! :P

Try the following code:

global $wpdb;

if ( isset ( $_POST['id'] ) && ! empty ( $_POST['id']  ))
{
    $wpdb->query("DELETE FROM " . PRO_TABLE_PREFIX . "tutorial  WHERE id=" . $_POST['id']);
}
Give the form an action path:

html

<form id="form3" name="form3" method="post" onsubmit="return validateForm();" action="give some actions">
    Id <input type="text" class="txt" name="id" /><br />
    <input type="submit" id="delete" value="delete"/>
</form>

php

global $wpdb;

if ( isset ( $_POST['id'] ) && ! empty ( $_POST['id']  ))
{
  $id=stripslashes_deep($_POST['id']);
  $wpdb->query("DELETE FROM " . PRO_TABLE_PREFIX . "tutorial  WHERE id=$id");
}

Since you are checking for id in the WHERE clause, you need not wrap it in quotes, and you are missing FROM in your delete statement, so the standard way would be as follows. And do some filtering of the POST data before using it in the database, for example:

$id = (int) $_POST['id'];   // cast first, then use the cast value, not the raw POST value
if( $id > 0 ) {
    $wpdb->query("DELETE FROM " . PRO_TABLE_PREFIX . "tutorial  WHERE id=" . $id);
}
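To make the SQL-injection warning in the is_id_valid() answer above and the (int) cast in the answer just above concrete, here is an added example; it is not part of the original question or of any answer in this thread. It runs the thread's DELETE against an in-memory SQLite database through PDO so it works outside WordPress; the tutorial table, its sample rows and the attacker payload are constructed for the example. It shows the interpolated query deleting every row, a strict integer validator (FILTER_VALIDATE_INT with a range, instead of is_numeric() or a bare (int) cast), and the same DELETE with the id bound as a parameter. In WordPress the bound form corresponds to $wpdb->query($wpdb->prepare("DELETE FROM {$table} WHERE id = %d", $id)).

```php
<?php
// Added example, not code from the original thread. Runs against an in-memory
// SQLite database via PDO (pdo_sqlite) so it needs no WordPress installation.
// The table name mirrors the thread; the rows and the payload are constructed.
declare(strict_types=1);

function fresh_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE tutorial (id INTEGER PRIMARY KEY, title TEXT)');
    $db->exec("INSERT INTO tutorial (id, title) VALUES (1, 'intro'), (2, 'setup'), (3, 'deploy')");
    return $db;
}

// 1) What the thread's code does: the raw POST value is interpolated into the SQL text.
//    Returns the number of deleted rows.
function delete_interpolated(PDO $db, string $postId): int {
    return $db->exec("DELETE FROM tutorial WHERE id='{$postId}'");
}

// 2) Strict validation. is_numeric() is too loose (it accepts '1e3', ' 7', '7.5') and an
//    (int) cast is silent ('12abc' becomes 12), so validate as an integer in a range.
//    Returns the integer id, or null when the value must be rejected.
function valid_id($raw): ?int {
    if (!is_string($raw) && !is_int($raw)) {   // $_POST values can be arrays
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// 3) Hardened: validated integer bound as a parameter; the value never becomes SQL text.
function delete_safely(PDO $db, string $postId): int {
    $id = valid_id($postId);
    if ($id === null) {
        return 0;                               // reject instead of guessing
    }
    $stmt = $db->prepare('DELETE FROM tutorial WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

function remaining(PDO $db): int {
    return (int) $db->query('SELECT COUNT(*) FROM tutorial')->fetchColumn();
}

// Constructed attacker input: closes the quote and makes the WHERE clause always true.
$payload = "1' OR '1'='1";

$db = fresh_db();
delete_interpolated($db, $payload);
printf("interpolated, payload:    %d rows left\n", remaining($db));   // 0: every row is gone

$db = fresh_db();
delete_safely($db, $payload);
printf("bound parameter, payload: %d rows left\n", remaining($db));   // 3: request rejected

$db = fresh_db();
delete_safely($db, '2');
printf("bound parameter, id 2:    %d rows left\n", remaining($db));   // 2: only row 2 deleted

// How the validator treats typical inputs ('1e3' and '12abc' are rejected here,
// although is_numeric() accepts the first and (int) silently accepts the second).
foreach (['2', '1e3', '7.5', '12abc', '0', '-1'] as $raw) {
    printf("valid_id(%s) => %s\n", var_export($raw, true), var_export(valid_id($raw), true));
}
```

Run it with `php example.php` (the pdo_sqlite extension is enabled in most PHP builds). The design point is that validation and parameter binding are separate defences: validation keeps nonsense ids out of the application, binding guarantees that whatever survives validation is sent to the database as a value, never as part of the statement.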

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.

粤ICP备18138465号  © 2020-2024 STACKOOM.COM