php
  • mysql
  • sql-delete
    • 2013-05-12 46 views -2 likes 
    -2

    我想在用戶提交正確的密碼後顯示一條消息,通知用戶他已被刪除,從而刪除用戶。檢查密碼正確後刪除用戶

    在我的代碼中,問題是無論用戶如何寫入系統,都要考慮寫入並允許刪除。

    刪除.PHP

    <?php 
session_start(); 
$msgToUser=""; 
if(@!$_SESSION['user_id']) 
{ 
    $msgToUser= '<br /><br /><font color = "#FF000">Only registered users can delete their account</font><p><a href = "register.php">Join Here</a></p>'; 
    exit(); 
} 
$id = $_SESSION['user_id']; 

if(isset($_POST['delete'])) 
{ 


     $del_acct_pass = $_POST['del_account_pass']; 

     require_once('include/connect.php'); 
     $check_pass= mysql_query("SELECT password FROM user WHERE password = '$del_acct_pass' AND user_id = '$id'") or die(mysql_error()); 
     if($check_pass) 
     { 
      $sql = mysql_query("SELECT * FROM user WHERE user_id = '$id'")or die(mysql_error()); 
      $pass_check_num = mysql_num_rows($sql); 
      if($pass_check_num >0) 
      { 
       $pic1=("members/$id/image01.jpg"); 
       if(file_exists($pic1)) 
       { 
         unlink($pic1); 

       } 
       $dir = "members/$id"; 
       rmdir($dir); 
       $sqltable1 = mysql_query("DELETE FROM user WHERE user_id ='$id'")or die(mysql_error()); 
       $sqltable1 = mysql_query("DELETE FROM blabing WHERE u_id ='$id'")or die(mysql_error()); 
       session_destroy(); 
       $msgToUser="YOUR Account Has Been Deleted!!!"; 
       exit(); 
      } 
     } 
     $msgToUser="<h3 style='color:#CC0000'>You must Write the Correct Password</h3>"; 
} 

?> 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
<title>Edit Page</title> 
<link href='http://fonts.googleapis.com/css?family=Oswald:400,300' rel='stylesheet' type='text/css' /> 
<link href='http://fonts.googleapis.com/css?family=Abel|Satisfy' rel='stylesheet' type='text/css' /> 
<link href="default.css" rel="stylesheet" type="text/css" media="all" /> 

</head> 

<body> 

<?php /*require_once('header.php');*/ ?> 
<div id="wrapper"> 
    <div id="page-wrapper"> 
     <div id="page"> 
      <div id="wide-content"> 
       <table width="70%" align="center" cellpadding="6"> 
       <form action="delete_account.php" method="post" name="delete_form" > 
       <tr> 
        <td bgcolor="#CCCCCC">Delete Your Account </td> 
       </tr> 
       <tr> 
        <td>Please enter Your current Password to proceed with account deletion</td> 
       </tr> 
       <tr> 
        <td><input type="password" name="del_account_pass" id="del_account_pass" /></td> 
       </tr> 
       <tr> 

        <td><input type="submit" name="delete" id="delete" value="Delete Account" /></td> 
       </tr> 
       <tr> 
       <td><?php echo $msgToUser; ?></td> 
       </tr> 
       </form> 
       </table> 



      </div> 
     </div> 
    </div> 
</div> 
<?php require_once('footer.php'); ?> 


</body> 
</html>

    來源

    2013-05-12 user2372265

    +0

    你的第二句話沒有意義,請澄清。 – 2013-05-12 08:35:00

    +0

    請注意,您的代碼容易受到[SQL注入](http://en.wikipedia.org/wiki/SQL_injection)的影響。你應該確保你正確地逃避用戶輸入。在這種情況下'$ del_acct_pass'和可能'user_id',取決於如何生成。 – Steve 2013-05-12 08:36:35

    回答

    3

    如果這個說法是錯誤的

    if($check_pass)

    $ check_pass將是一個資源ID,這將是永遠非空,即使你得到的結果還是不行。你應該mysql_num_rows檢查它,如果它是否使用此

    if (mysql_num_rows($check_pass)>0) { 


     //write your delete code here 

}

    來源

    2013-05-12 08:37:42

    +0

    + 1比我快13秒, – 2013-05-12 08:38:45

    1

    你必須通過這裏第一個查詢的資源,而不是第二查詢返回的任何數據。

    $pass_check_num = mysql_num_rows($sql);

    應該

    $pass_check_num = mysql_num_rows($check_pass);

    來源

    2013-05-12 08:37:56

    0

    我認爲不是這樣

    $check_pass= mysql_query("SELECT password FROM user WHERE password = '$del_acct_pass' AND user_id = '$id'") or die(mysql_error()); 
     if($check_pass) 
     { 
      $sql = mysql_query("SELECT * FROM user WHERE user_id = '$id'")or die(mysql_error()); 
      $pass_check_num = mysql_num_rows($sql); 
      if($pass_check_num >0) 
      {

    你可以簡單地這樣做:

    $sql= mysql_query("SELECT password FROM user WHERE password = '$del_acct_pass' AND user_id = '$id'") or die(mysql_error()); 
      $pass_check_num = mysql_num_rows($sql); 
      if($pass_check_num >0) 
      {

    來源

    2013-05-12 08:38:58 TheEwook

    0

    你的代碼必須是這樣的,以工作,但被告知你的querys已被棄用,y ou應該使用msqli或PDO,而不是很難改變它們,如果你繼續使用它,最有可能的是你的querys在不久的將來不會工作,沒有提到安全問題。 Link to Get Your Code Better

    <?php 
session_start(); 
$msgToUser=""; 
if(@!$_SESSION['user_id']) 
{ 
    $msgToUser= '<br /><br /><font color = "#FF000">Only registered users can delete their account</font><p><a href = "register.php">Join Here</a></p>'; 
    exit(); 
} 
$id = $_SESSION['user_id']; 

if(isset($_POST['delete'])) 
{ 


     $del_acct_pass = $_POST['del_account_pass']; 

     require_once('include/connect.php'); 
     $check_pass= mysql_query("SELECT password FROM user WHERE password = '$del_acct_pass' AND user_id = '$id'") or die(mysql_error()); 
     $check_pass_num = mysql_num_rows($check_pass); 
      if($check_pass_num >0) 
       { 

       $pic1=("members/$id/image01.jpg"); 
       if(file_exists($pic1)) 
       { 
         unlink($pic1); 

       } 
       $dir = "members/$id"; 
       rmdir($dir); 
       $sqltable1 = mysql_query("DELETE FROM user WHERE user_id ='$id'")or die(mysql_error()); 
       $sqltable1 = mysql_query("DELETE FROM blabing WHERE u_id ='$id'")or die(mysql_error()); 
       session_destroy(); 
       $msgToUser="YOUR Account Has Been Deleted!!!"; 
       exit(); 

     } 
     $msgToUser="<h3 style='color:#CC0000'>You must Write the Correct Password</h3>"; 
} 

?> 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
<title>Edit Page</title> 
<link href='http://fonts.googleapis.com/css?family=Oswald:400,300' rel='stylesheet' type='text/css' /> 
<link href='http://fonts.googleapis.com/css?family=Abel|Satisfy' rel='stylesheet' type='text/css' /> 
<link href="default.css" rel="stylesheet" type="text/css" media="all" /> 

</head> 

<body> 

<?php /*require_once('header.php');*/ ?> 
<div id="wrapper"> 
    <div id="page-wrapper"> 
     <div id="page"> 
      <div id="wide-content"> 
       <table width="70%" align="center" cellpadding="6"> 
       <form action="delete_account.php" method="post" name="delete_form" > 
       <tr> 
        <td bgcolor="#CCCCCC">Delete Your Account </td> 
       </tr> 
       <tr> 
        <td>Please enter Your current Password to proceed with account deletion</td> 
       </tr> 
       <tr> 
        <td><input type="password" name="del_account_pass" id="del_account_pass" /></td> 
       </tr> 
       <tr> 

        <td><input type="submit" name="delete" id="delete" value="Delete Account" /></td> 
       </tr> 
       <tr> 
       <td><?php echo $msgToUser; ?></td> 
       </tr> 
       </form> 
       </table> 



      </div> 
     </div> 
    </div> 
</div> 
<?php require_once('footer.php'); ?> 


</body> 
</html>

    來源

    2013-05-12 08:45:01 konnection

    相關問題
    最新問題

     相關問題