在我的网站上删除数据库条目时遇到问题

I have echoed my database table onto my website and have tick option next to the table where you can tick it and delete any of the entries from the website, it should delete it from the database. For some reason its not working, I'm a beginner and any help would be greatly appreciated thanks.

我已将我的数据库表回显到我的网站上,并在表格旁边有勾选项,您可以在其中勾选并删除网站上的任何条目,它应该从数据库中删除它。由于某种原因,它不起作用,我是一个初学者,任何帮助将不胜感激,谢谢。

    <form method="" action="tester.php">
      <?php 

    include 'connect_to_mysql.php';

    $count=mysql_num_rows($result);
    $result = mysql_query("SELECT * FROM booking ORDER BY ID ASC");

    echo "<table border='1'>
    <tr>
    <th>DEL</th>
    <th>Name</th>
    <th>Email ID</th>
    <th>Phone Number</th>
    <th>Collection Address</th>
    <th>Collection Date</th>
    <th>Collection Time</th>
    <th>Make & Model</th>
    <th>Message</th>

    </tr>";

    while($row = mysql_fetch_array($result))
      {
          ?>
               <td align="center" bgcolor="#FFFFFF"><input name="delete_these[]"                                                                                                                         type="checkbox" id="checkbox[]" value="<?php echo $row['ID']; ?>"></td>
       <?php
    echo "<td>" . $row['name'] . "</td>";
    echo "<td>" . $row['email'] . "</td>";
      echo "<td>" . $row['phonenumber'] . "</td>";
      echo "<td>" . $row['collectionaddress'] . "</td>";
      echo "<td>" . $row['collectiondate'] . "</td>";
      echo "<td>" . $row['collectiontime'] . "</td>";
      echo "<td>" . $row['makemodel'] . "</td>";
      echo "<td>" . $row['message'] . "</td>";
      echo "</tr>";
      }
    echo "</table>";
    ?> <br>
    <td colspan="5" align="center" bgcolor="#FFFFFF"><input name="delete" type="submit"                 id="delete" value="Delete"></td>
    </tr>

    <?php
    // Check if delete button active, start this 
    if(isset($_GET['delete']))  {

    for($i=0;$i<$count;$i++){
    $id = $checkbox[$i];
    print_r($_GET['delete_these']);
    $ids = implode(', ', $_POST['delete_these']);
    $sql = "DELETE FROM booking WHERE id IN($ids)";
    echo "<br />SQL: $sql<br />";
    $result = mysql_query($sql);
    }

    // if successful redirect to delete_multiple.php 
    if($result){

    }
    }
    mysql_close();
    ?>
    </form>

2 个解决方案

#1

you have add method in your form tag--

你在表单标签中添加了方法 -

<form  method="post" action="tester.php" >

and also replace if(isset($_GET['delete'])) to if(isset($_POST['delete']))

并且if(isset($ _ GET ['delete']))替换为if(isset($ _ POST ['delete']))

#2

Replace your form tag by:

将表单标记替换为:

<form method="post" action="tester.php">

then these 3:

那么这3个:

if(isset($_POST['delete']))

$id =(int)$_POST['delete_these'][$i];

$sql = "DELETE FROM booking WHERE id=$id";

at the place of these 3:

在这3个地方:

if(isset($_GET['delete']))

$id = $checkbox[$i];

$sql = "DELETE FROM booking WHERE id IN($ids)";

Your $id = $checkbox[$i]; works only if register_globals directive is on, which is now deprecated (and removed as of PHP 5.4) because of security issues it causes, and if it exists in the version of PHP you are using most hosting services turn it off.

你的$ id = $复选框[$ i];仅当register_globals指令处于启用状态时才会起作用,由于其导致的安全问题,现在已弃用(并从PHP 5.4中删除),如果它存在于PHP版本中,则使用大多数托管服务会将其关闭。

You'll be sending the data through post so you access them through $_POST. the (int) before the $_POST is to cast anything to integer so if the user try to send a string it will become 0, this will protect you from sql injection.

您将通过邮件发送数据,以便通过$ _POST访问它们。 $ _POST之前的(int)是将任何东西转换为整数,所以如果用户尝试发送一个字符串,它将变为0,这将保护你免受sql注入。

SIDE NOTE you should stop using mysql_* functions as they are deprecated. Check out PDO or mysqli

SIDE注意您应该停止使用mysql_ *函数,因为它们已被弃用。查看PDO或mysqli

#1