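Please help me look at my code. I'm working on deleting a record, but I can't perform the delete. I made a query to get all the records of my candidates, and then I put a delete link for each candidate. Please advise if I'm wrong. Here's my code. Can't perform delete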
<?php
$year = date("Y");
if ($result = $mysqli->query("SELECT
tbl_position.positionName,
tbl_candidate.candId,
tbl_candidate.studId,
tbl_student.fname,
tbl_student.lname,
tbl_student.mname,
tbl_candidate.sy,
tbl_department.departmentName
FROM
tbl_candidate
Inner Join tbl_position ON tbl_candidate.positionId = tbl_position.positionId
Inner Join tbl_student ON tbl_candidate.studId = tbl_student.studId
Inner Join tbl_department ON tbl_student.departmentId = tbl_department.departmentId
WHERE
tbl_candidate.sy = '$year'
ORDER BY
tbl_candidate.positionId ASC,
tbl_candidate.studId ASC")) {
echo "<h8><strong>List of Candidates<br></strong></h8>";
if ($result->num_rows > 0)
{
echo "<table width='1000' border='0'>";
echo "<tr>
<th>Position</th><th></th><th>Student ID</th><th></th><th>Name</th>
<th></th><th>School Year</th><th></th><th>Department</th>
<th></th><th></th></tr>";
while ($row = $result->fetch_object())
{echo "<tr>";
echo "<td align='center'>" .$row->positionName."</td>";
echo "<td> </td>";
echo "<td align ='center'>" . $row->studId . "</td>";
echo "<td> </td>";
echo "<td align ='center'>" . $row->fname . " ". $row->mname ." ". $row->lname ." </td>";
echo "<td> </td>";
echo "<td align='center'>" .$row->sy."</td>";
echo "<td> </td>";
echo "<td align='center'>" .$row->departmentName."</td>";
echo "<td> </td>";
echo "<td><a href='delete_cand.php?id=" . $row->candId ."'>Delete</a></td>";
echo"</tr>";
}
echo "</table>";
}
else
{
echo "No candidates are registered!";
}
}
$mysqli->close();
?>
Here's my delete_cand.php
<?php
if (isset($_GET['candId']))
{
$id = $_GET['candId'];
if ($stmt = $mysqli->prepare("DELETE * FROM tbl_candidate WHERE candId = ? LIMIT 1"))
{
$stmt->bind_param("i",$id);
$stmt->execute();
$stmt->close();
}
else
{
echo "ERROR: could not prepare SQL statement.";
}
$mysqli->close();
}
?>
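There is no 'DELETE * FROM tbl' syntax - there is 'DELETE FROM tbl WHERE ...'. Also, using GET requests for database modifications is actually very bad practice and a security vulnerability. Read about CSRF, then perform such requests via POST. – ddinchev 2013-02-26 07:07:26
@Veseliq.. thanks for the advice, ^_^ – 2013-02-26 07:16:39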
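The change the comment above describes, as an added example that is not the poster's code: the delete runs only on POST with a per-session CSRF token, uses `DELETE FROM`, and reads the same field name the form sends (the posted link sends `id` while the handler reads `candId`). It assumes `$mysqli` is an open connection from a hypothetical `db_connect.php`; the helper names `csrf_token()` and `delete_form()` are also hypothetical, and the token does not replace checking that the logged-in user is allowed to delete candidates.

```php
<?php
// Added example. Assumes a hypothetical db_connect.php that defines $mysqli.
declare(strict_types=1);
session_start();
require 'db_connect.php';

// One CSRF token per session, generated from a CSPRNG.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Rendered in the listing in place of the <a href='delete_cand.php?id=...'> link.
function delete_form(int $candId): string
{
    return "<form method='post' action='delete_cand.php'>"
         . "<input type='hidden' name='candId' value='" . $candId . "'>"
         . "<input type='hidden' name='csrf_token' value='" . csrf_token() . "'>"
         . "<button type='submit'>Delete</button></form>";
}

// delete_cand.php: change state only on POST carrying a valid token.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $sent = $_POST['csrf_token'] ?? '';
    if (!is_string($sent) || !hash_equals(csrf_token(), $sent)) {
        http_response_code(403);
        exit('Invalid CSRF token.');
    }
    // Same field name as the form sends; reject anything that is not an integer.
    $id = filter_input(INPUT_POST, 'candId', FILTER_VALIDATE_INT);
    if ($id === false || $id === null) {
        http_response_code(400);
        exit('Invalid candidate id.');
    }
    // DELETE takes no column list: DELETE FROM ..., not DELETE * FROM ...
    $stmt = $mysqli->prepare('DELETE FROM tbl_candidate WHERE candId = ? LIMIT 1');
    if ($stmt === false) {
        http_response_code(500);
        exit('ERROR: could not prepare SQL statement.');
    }
    $stmt->bind_param('i', $id);
    $stmt->execute();
    echo $stmt->affected_rows === 1 ? 'Candidate deleted.' : 'No such candidate.';
    $stmt->close();
}
```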