1. 首頁
  2. 問答
  3. 試圖刪除按鈕添加到PHP的網站

試圖刪除按鈕添加到PHP的網站

2013-05-12 38 views
0

我是新來的PHP,並嘗試添加一個刪除按鈕從列表中刪除對象(作業), 我想刪除按鈕出現在每個單個對象的旁邊(作業),並且一旦點擊該作業就從數據庫表中刪除。下面是我的兩個edit_jobs.php(特定用戶顯示所有任務)和delete_job.php(假設從表中刪除特定的工作)有人能告訴我什麼,我做錯了,試圖刪除按鈕添加到PHP的網站

代碼

我的edit_jobs頁面顯示特定用戶發佈的表格中的所有作業。

<?php 
     include_once "connect_to_mysql.php"; 
     $id = $userid; 
     $username = $_GET['username']; 


     $result = mysql_query("SELECT * FROM jobs WHERE user_id ='$id'") 
       or die(mysql_error()); 

     while ($row = mysql_fetch_array($result)) { 
      echo '<a href="job.php?id=' . $row['job_id'] . '"> ' . $row['job'] . '</a><br />'; 
      echo 'category: ' . $row['category'] . '<br />'; 
      echo 'description: ' . $row['description'] . '<br />'; 
      echo '<a href="member.php?id=' . $row['userid'] . '">Clients profile</a><br />'; 
      echo '<br />';?> 
     <a href="delete_job.php?job_id=<?php echo $row['job']; ?>" 
         onclick="return confirm('Are you sure you want to delete this book?');"> 
         <img src="images/delete20.png" alt="Delete Book" /> 
        </a> 
     <?php } ?>

的delete_job頁

<?php 
if ($_SERVER['REQUEST_METHOD'] == 'GET') { 
if (!empty($_GET['job_id'])) { 
    $jobId = $_GET['job_id']; 

    require_once 'connect_to_mysql.php'; 

    $sql = "DELETE FROM jobs WHERE job_id = ?"; 

    $params = array($jobId); 

    $stmt = $link->prepare($sql); 
    $status = $stmt->execute($params); 


    if ($status == true) { 
     header("Location: edit_jobs.php"); 
    } 
    else { 
     $error_info = $stmt->errorInfo(); 
     $error_message = "failed to delete job: {$error_info[2]} - error code {$error_info[0]}"; 
     require 'error.php'; 
    } 
} 

else { 
    $error_message = "book id not specified"; 
    require 'edit_jobs.php'; 
} 
} 
else { 
} 
?>

來源

2013-05-12 user2003341

回答

-1

你試過嗎?

$jobId = $link->real_escape_string($jobId); 
$sql = "DELETE FROM jobs WHERE job_id = $jobId";

來源

2013-05-12 22:55:03 Firebowl2000

+0

會如何我會把它變成每個項目的按鈕?對不起,我很新的PHP? – user2003341 2013-05-12 23:07:50

+1

鑑於'$ jobId'從查詢字符串,*** SQL INJECTION ALERT提取!***(嚴重的是,使用準備好的語句!該任擇議定書已經是!) – michaelb958 2013-05-12 23:08:37

+0

我試過$ SQL =「DELETE FROM WHERE工作JOB_ID = $的jobId「;但即時收到此錯誤致命錯誤:調用一個成員函數準備()一個非對象在/Applications/XAMPP/xamppfiles/htdocs/DesignAJobHy/delete_job.php在線19 – user2003341 2013-05-12 23:16:51

0

我看到很多這個代碼的問題。第一 - 我同意上述有關這些漏洞。然而這是一個簡單的解決方法;只需將作業ID驗證爲整數,如果驗證失敗,則不要執行SQL代碼。

第二 - 我認爲$ param = array($ jobId)是不正確的。你沒有將作業變量傳遞給SQL代碼......它爲執行語句提供了一個空值。我清理你的代碼,也不能保證這會工作,我看不到你的SQL語句,但是這是一個更好的辦法,並應工作的權利......

# Include this before anything else... 
 
require_once 'connect_to_mysql.php'; 
 

 
# Ditch the server GET validation check, waste of load time, store job ID in a variable off the bat 
 
$jobId = $_GET['job_id']; 
 

 
# Validate if the job is is numeric and not empty 
 
if ((!empty($jobId)) || (is_numeric($jobId)) 
 
{ 
 
    # Ditch the $sql variable for speed/memory, just include it in the prepare statement 
 
    # Note the limit statement - it's good practice to limit deletion queries to only one row 
 
    # if you are only deleting one row so additional data doesn't accidentally get deleted 
 
    $stmt = $link->prepare("DELETE FROM jobs WHERE job_id = ? LIMIT 1"); 
 
    
 
    # This code prepares job ID as a parameterized query and tells the database to parse it as an int 
 
    $stmt->bind_param('i', $jobId); 
 
    
 
    # Execute and validate 
 
    $status = $stmt->execute($params); 
 

 
    if ($status == true) 
 
     header("Location: edit_jobs.php"); 
 
    else 
 
    { 
 
     $error_info = $stmt->errorInfo(); 
 
     $error_message = "failed to delete job: {$error_info[2]} - error code {$error_info[0]}"; 
 
     require 'error.php'; 
 
    } 
 
} 
 
else 
 
{ 
 
    $error_message = "Booking ID is not valid"; 
 
    require 'edit_jobs.php'; 
 
} 
 

 
# Make sure to close your database connection when finished...

來源

2017-07-16 21:45:18

相關問題

 相關問題