2013-02-26 52 views
-3

Please help me check my code. I'm working on deleting records, but I can't perform the delete operation. I made a query to get all the records of my candidates, and then for every candidate I put a delete link. If I'm wrong, please give suggestions. Here's my code. Can't perform delete.

<?php
$year = date("Y");
if ($result = $mysqli->query("SELECT
        tbl_position.positionName,
        tbl_candidate.candId,
        tbl_candidate.studId,
        tbl_student.fname,
        tbl_student.lname,
        tbl_student.mname,
        tbl_candidate.sy,
        tbl_department.departmentName
    FROM
        tbl_candidate
        Inner Join tbl_position ON tbl_candidate.positionId = tbl_position.positionId
        Inner Join tbl_student ON tbl_candidate.studId = tbl_student.studId
        Inner Join tbl_department ON tbl_student.departmentId = tbl_department.departmentId
    WHERE
        tbl_candidate.sy = '$year'
    ORDER BY
        tbl_candidate.positionId ASC,
        tbl_candidate.studId ASC")) {
    echo "<h8><strong>List of Candidates<br></strong></h8>";
    if ($result->num_rows > 0)
    {
        echo "<table width='1000' border='0'>";
        echo "<tr>
            <th>Position</th><th></th><th>Student ID</th><th></th><th>Name</th>
            <th></th><th>School Year</th><th></th><th>Department</th>
            <th></th><th></th></tr>";

        // one table row per candidate, each with a delete link carrying that candidate's candId
        while ($row = $result->fetch_object())
        {
            echo "<tr>";
            echo "<td align='center'>" . $row->positionName . "</td>";
            echo "<td> &nbsp; &nbsp; &nbsp; &nbsp;</td>";
            echo "<td align='center'>" . $row->studId . "</td>";
            echo "<td> &nbsp; &nbsp; &nbsp; &nbsp;</td>";
            echo "<td align='center'>" . $row->fname . " " . $row->mname . " " . $row->lname . " </td>";
            echo "<td> &nbsp; &nbsp; &nbsp; &nbsp;</td>";
            echo "<td align='center'>" . $row->sy . "</td>";
            echo "<td> &nbsp; &nbsp; &nbsp; &nbsp;</td>";
            echo "<td align='center'>" . $row->departmentName . "</td>";
            echo "<td> &nbsp; &nbsp; &nbsp; &nbsp;</td>";
            echo "<td><a href='delete_cand.php?id=" . $row->candId . "'>Delete</a></td>";
            echo "</tr>";
        }
        echo "</table>";
    }
    else
    {
        echo "No candidates are registered!";
    }
}
$mysqli->close();
?>

Here's my delete_cand.php:

<?php
// expects the candidate id in the query string as candId
if (isset($_GET['candId']))
{
    $id = $_GET['candId'];
    if ($stmt = $mysqli->prepare("DELETE * FROM tbl_candidate WHERE candId = ? LIMIT 1"))
    {
        $stmt->bind_param("i", $id);
        $stmt->execute();
        $stmt->close();
    }
    else
    {
        echo "ERROR: could not prepare SQL statement.";
    }
    $mysqli->close();
}
?>
+0

There is no 'DELETE * FROM tbl' syntax; it is 'DELETE FROM tbl WHERE ...'. Also, using GET requests for database modification is really bad practice and a security vulnerability. Read about CSRF, then perform such requests via POST. – ddinchev 2013-02-26 07:07:26

+0

@Veseliq.. thanks for the comment, ^_^ – 2013-02-26 07:16:39

Answers

1

Your link is delete_cand.php?id= (the query parameter is id), but you check based on candId ... if (isset($_GET['candId'])), so the code never runs with the query string variable..

+0

Please help me fix it.. please... I'm still blank. – 2013-02-26 06:33:47

+0

Really? Just make sure you use the same query string parameter (id or candId, but not both). – Ben 2013-02-26 08:58:01

0

Change your delete_cand.php as follows.

<?php
if (isset($_GET['id']))
{
    $id = $_GET['id'];
    // DELETE FROM, not DELETE * FROM: the latter is not valid MySQL, so prepare() would return false
    $stmt = $mysqli->prepare("DELETE FROM tbl_candidate WHERE candId = ? LIMIT 1");
    if ($stmt === false)
    {
        echo "ERROR: could not prepare SQL statement.";
    }
    else
    {
        $stmt->bind_param("i", $id);
        if ($stmt->execute())
        {
            echo "Record Deleted";
        }
        else
        {
            echo "ERROR: could not execute SQL statement.";
        }
        $stmt->close();
    }
    $mysqli->close();
}
?>

And change your print statements according to your requirements.
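As an added example (not code from the question or either answer), here is a delete_cand.php that combines ddinchev's comment above with the second answer: the candidate id is accepted only by POST together with a per-session CSRF token, the statement uses DELETE FROM, and prepare() and execute() are both checked. The config.php include, the session key and the token field name are assumptions.

```php
<?php
// Added example (not code from the question or the answers): delete_cand.php reworked
// so the id arrives only via POST with a per-session CSRF token, as ddinchev's comment
// recommends, and with the valid DELETE FROM syntax. $mysqli comes from config.php (assumed).
session_start();
require_once 'config.php';
// Token the listing page embeds in each delete form as a hidden field.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}
// hash_equals() compares in constant time; is_string() rejects token[]=... arrays.
function csrf_token_valid($submitted): bool {
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}
// Returns the number of rows deleted (0 if no such candidate); throws on SQL error.
function delete_candidate(mysqli $mysqli, int $id): int {
    // "DELETE FROM", not "DELETE * FROM": the latter is a syntax error and prepare() returns false.
    $stmt = $mysqli->prepare("DELETE FROM tbl_candidate WHERE candId = ? LIMIT 1");
    if ($stmt === false) {
        throw new RuntimeException("prepare failed: " . $mysqli->error);
    }
    $stmt->bind_param("i", $id);
    if (!$stmt->execute()) {
        throw new RuntimeException("execute failed: " . $stmt->error);
    }
    $deleted = $stmt->affected_rows;
    $stmt->close();
    return $deleted;
}
// Listing page: replace the <a href='delete_cand.php?id=...'> link with a form such as
//   <form method='post' action='delete_cand.php'><input type='hidden' name='id' value='...'>
//   <input type='hidden' name='token' value='[csrf_token() here]'><button>Delete</button></form>
// A plain GET link, or an <img src=...> planted on another site, can no longer trigger the delete.
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !csrf_token_valid($_POST['token'] ?? null)) {
    http_response_code(403);
    exit("Forbidden");
}
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
if ($id === false || $id === null) {
    http_response_code(400);
    exit("Bad request");
}
echo delete_candidate($mysqli, $id) === 1 ? "Record Deleted" : "No such candidate";
$mysqli->close();
```

The listing page must call csrf_token() (after session_start()) when it renders each form, so the hidden token matches the one stored in the session.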