My code for delete entry is this but its not doing anything
HTML
<form id="form3" name="form3" method="post" onsubmit="return validateForm();" action="">
Id <input type="text" class="txt" name="id" /><br />
<input type="submit" id="delete" value="delete"/>
</form>
PHP
global $wpdb;
if ( isset ( $_POST['id'] ) && ! empty ( $_POST['id'] ))
{
$wpdb->query("DELETE " . PRO_TABLE_PREFIX . "tutorial WHERE id='{$_POST['id']}'");
}
那就是我通常的做法:
$wpdb->query("DELETE " . PRO_TABLE_PREFIX . "tutorial WHERE id='".$_POST['id']."')
In oder to avoid confusion like this, I always use sprintf()
where I need to concatenate strings
Change:
global $wpdb;
if ( isset ( $_POST['id'] ) && ! empty ( $_POST['id'] )) {
$wpdb->query("DELETE " . PRO_TABLE_PREFIX . "tutorial WHERE id='{$_POST['id']}'");
}
to:
global $wpdb;
if ( isset ( $_POST['id'] ) )) {
$wpdb->query(sprintf("DELETE %stutorial WHERE id='%s'", PRO_TABLE_PREFIX, $_POST['id']));
}
A couple of things to note:
1) You're vulnerable to SQL injection
2) Once you've used isset()
to determine if the key of $_POST['id']
actually isn't NULL
, you don't need to check if its empty via empty()
Update
You should really test $_POST['id']
if its valid. I'd suggest you to implement a function, like, is_id_valid()
function is_id_valid(&$id){ //<-- IMPORTANT, Argument should be a reference
if ( ! isset($id) ){
return false;
}
if ( empty($id) ){
return false;
}
// add this if you expect $id to be a numeric value
// otherwise just ignore - do not add
if ( ! is_numeric($id) ){
return false;
}
//it's also a good to validate the length
if ( strlen($id) > ... && strlen($id) < ... ){
return false;
}
//seems like all tests passed
return true;
}
Then you would use it, like
if ( is_id_valid($_POST['id']) !== false ){
....
}
Warning: It's still vulnerably to SQL injection
Remove single quote around post['id']
:
$wpdb->query("DELETE " . PRO_TABLE_PREFIX . "tutorial WHERE id={$_POST['id']}")
OR
echo $query = "DELETE " . PRO_TABLE_PREFIX . " tutorial WHERE id =".mysql_real_escape_string($_POST['id']);
$wbpd->query($query);
$wpdb->query("DELETE FROM " . PRO_TABLE_PREFIX . "tutorial WHERE id='{$_POST['id']}'");
PS: Go overthere and accept one answer who helped you most. And here too! :P
Try following code:-
global $wpdb;
if ( isset ( $_POST['id'] ) && ! empty ( $_POST['id'] ))
{
$wpdb->query("DELETE FROM " . PRO_TABLE_PREFIX . "tutorial WHERE id=".$_POST['id']);
}
give some action path to the form
html
<form id="form3" name="form3" method="post" onsubmit="return validateForm();" action="give some actions">
Id <input type="text" class="txt" name="id" /><br />
<input type="submit" id="delete" value="delete"/>
php
global $wpdb;
if ( isset ( $_POST['id'] ) && ! empty ( $_POST['id'] ))
{
$id=stripslashes_deep($_POST['id']);
$wpdb->query("DELETE FROM " . PRO_TABLE_PREFIX . "tutorial WHERE id=$id");
}
Since you are checking for id in WHERE clause, you need not wrap it in quotes, and you are missing FROM in your delete statement, so standard way would be: And do some filtering of POST data before inserting into database , like doing:
$id = (int) $_POST['id'];
if( $id > 0 ) {
$wpdb->query("DELETE FROM " . PRO_TABLE_PREFIX . "tutorial WHERE id=".$_POST['id']);
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.