Fatal编程技术网
  • php/
  • Php 使用用户ID变量向MYSQL发送HTTP Delete请求

Php 使用用户ID变量向MYSQL发送HTTP Delete请求

php android mysql

Php 使用用户ID变量向MYSQL发送HTTP Delete请求,php,android,mysql,httprequest,Php,Android,Mysql,Httprequest,您好,我正在尝试使用where子句从MYSQL数据库中的表中删除一条记录。 这是我到目前为止所做的,但它不起作用,我也不知道该怎么做。有没有办法让这一切顺利进行?我已经包括了我的delete方法和php文件代码 我的网址- deleteCompletedGoal=("http://10.0.2.2/deleteCompletedGoalAddress.php?user_goal_id="+completed_goalID); 我的代码- private void deleteNonActi

您好,我正在尝试使用where子句从MYSQL数据库中的表中删除一条记录。 这是我到目前为止所做的,但它不起作用,我也不知道该怎么做。有没有办法让这一切顺利进行?我已经包括了我的delete方法和php文件代码

我的网址-

 deleteCompletedGoal=("http://10.0.2.2/deleteCompletedGoalAddress.php?user_goal_id="+completed_goalID);
我的代码-

 private void deleteNonActiveGoal(){
        try {
            URL url = new URL(deleteCompletedGoal);
            HttpURLConnection http = (HttpURLConnection) url.openConnection();
            http.setRequestMethod("POST");
            http.setRequestProperty("X-HTTP-Method-Override", "DELETE");
            http.setDoInput(true);
            http.setDoOutput(true);

            OutputStream ops = http.getOutputStream();
            BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(ops, "UTF-8"));
            String data = URLEncoder.encode("user_goal_id", "UTF-8") + "=" + URLEncoder.encode(completed_goalID, "UTF-8") + "&&";

            writer.write(data);
            writer.flush();
            writer.close();
            ops.close();

            InputStream ips = http.getInputStream();
            BufferedReader reader = new BufferedReader(new InputStreamReader(ips, "ISO-8859-1"));

            String line;
            while ((line = reader.readLine()) != null) {
                result += line;
            }
            reader.close();
            ips.close();
            http.disconnect();

        }
        catch (MalformedURLException e) {
            result = e.getMessage();
        } catch (IOException e) {
            result = e.getMessage();
        }

    }
PHP文件:

<?php
require "connection.php";

$completed_goalID=$_POST["user_goal_id"];


$mysql_qry = "DELETE from user_goals WHERE user_goal_id ='$completed_goalID'";

if($conn->query($mysql_qry) === TRUE) {
echo "delete successful";
}
else{
echo "delete failed";
}
$conn->close();
?>

由于您要在查询字符串中发送变量,因此将使用GET而不是POST。更改:


 $completed_goalID=$_POST["user_goal_id"];


警告


了解有关的语句。即使是这样也不安全
 使用$\u GET作为url中的catch变量,如:


$completed_goalID=$_GET["user_goal_id"];


将防止sql攻击()的查询更改为:




说。即使是这样也不安全!很确定“未定义索引”就是这种情况。您正在使用GET方法进行URL检索,但发布了索引。@JayBlanchard他们没有使用mysql_;-)咖啡还不够@FunkFortyNiner;-)@JayBlanchard太糟糕了,我不能通过mosheen的“Beam me up Scotty”再给你发一个;-))@KasiaKaplińska您的错误日志中是否有任何错误?

$completed_goalID=$_GET["user_goal_id"];



 <?php
    require "connection.php";

    $completed_goalID=$_POST["user_goal_id"];


    $mysql_qry = $conn->prepare("DELETE from user_goals WHERE user_goal_id=?");
    $mysql_qry->bind_param('i',$completed_goalID);
    if($mysql_qry->execute() === TRUE){

    echo "delete successful";
    }
    else{
    echo "delete failed";
    }
   $mysql_qry->close();
    $conn->close();
    ?>