Fatal编程技术网
  • php/
  • PHP删除函数已损坏

PHP删除函数已损坏

php mysql

PHP删除函数已损坏,php,mysql,delete-row,Php,Mysql,Delete Row,我试图让删除功能正常工作,但它总是失败。我已经看了几个小时了,在网上搜寻答案,但似乎什么都不管用。这个想法是,在表格中,有一个按钮可以点击。单击时,它将在所选行上运行删除代码 <?php error_reporting(E_ALL); ini_set("display_errors", 1); session_start(); if (isset($_COOKIE["user_cookie"])){ $username = $_COOKIE["user_cookie"]

我试图让删除功能正常工作,但它总是失败。我已经看了几个小时了,在网上搜寻答案,但似乎什么都不管用。这个想法是,在表格中,有一个按钮可以点击。单击时,它将在所选行上运行删除代码

    <?php

error_reporting(E_ALL);
ini_set("display_errors", 1);

session_start();
if (isset($_COOKIE["user_cookie"])){
    $username = $_COOKIE["user_cookie"];     
}else{
    $username = '';
}
if (isset($_GET['New'])) {  
   Cookie("Event", $_GET['New']);  
}
if (isset($_COOKIE["user_type"])){
    $userType = $_COOKIE["user_type"];     
}else{
    $userType = '';
}


include_once('config.php');
if (isset($_GET['delID']) && true){ // COOKIE HERE

  $result = $mysqli->query("DELETE FROM oneuuid WHERE uuid = " . $_GET['delID']); 
  if ($result === false){
    print("
      <script type='text/javascript'>
        alert('Failed to delete event')
      </script>
      ");
  }   
}




?>




<!DOCTYPE html>
<html lang="en">


<head>
  <title>UUID </title>  <!-- !!!!!!!!!!!!!!!!!!!!!!!!!LOOK HERE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!-->
  <meta name="viewport" content="width = device-width, initial-scale = 1.0" />
  <link href = "css/bootstrap.min.css" rel = "stylesheet">
  <link href = "css/styles.css" rel = "stylesheet">
  <link href = "loginstylesheet.css" rel = "stylesheet">
  <style type="text/css"> 

 .clickable{
      cursor: pointer; 
      cursor: hand;
    }
  .highcontrast {
      background-color: #696969;
      a, a:visited { color: white; }
    }  

  </style>
</head>






<body>
  <!--          div for toggle                             -->
  <div id="toggle" style="height:260px">
    <!--          div for toggle                             -->
        <!--/.nav-collapse -->  
 <div class="col-md-3" id="leftCol">
        <center>
          <form action = "printStuff2.php" method = "post">
            <input type = "text" name = "search" size="28" placeholder="Enter name..."/>
            <input type = "Submit" class="styled-button-8" value = "Search"/>
          </form>
        </br>
      </center>
      </div>

  <div class="container">
    <div class="row">
      <div class="col-md-9">
        <!-- Main content on page -->
        <br>






      <?php error_reporting(E_ALL); ini_set('display_errors', 1);


//search bar code.

//Establish connection
include_once('config.php');
      $mysqli = new mysqli($host,$user,$password,$db); 
      if ($mysqli->connect_error) {
        die('Error : ('. $mysqli->connect_errno .') '. $mysqli->connect_error);
      } 
//variable to store user input, which we can work with.
      if(!empty($_POST['search'])){
        $searchq = $_POST['search'];



    //SQL Query, it selects all from DB where users input is similar to, either school name, headmaster name or address
        $query = mysqli_query($mysqli, "SELECT * FROM oneuuid WHERE name LIKE '%$searchq%'") or die(mysqli_error($mysqli));
        $count = mysqli_num_rows($query);
    // if the $search contains at least one row
        print '<table class = "table table-hover">';
        print '<tr>';
        print '<th> SEARCH RESULT GENERATED </th>';
        print '</tr>';
        print '</table>';
        if ($query->num_rows > 0) {
        // output data of each row from $result

          print '<table class = "table table-hover">';


            print '<tr>';

            print'<th> UUID</th>';
            print'<th> Name</th>';  
            print' <th> Delete </th>';            
            print '</tr>';

          while($row = $query->fetch_assoc()) {

            print '<tr>';
            print '<td>'.$row["uuid"].'</td>';
            print '<td>'.$row["name"].'</td>';
            print("<td class='centered clickable' onclick='deleteEvent(\"$row[uuid]\", \"$row[name]\")'><span class='glyphicon glyphicon-remove'></span></td>");            
            print '</tr>';

          }

           print '</table>';
        }
        else {
          echo '0 results';
        }
      }    
      ?>
      <div class="container">
        <div class="col-md-9">
          <div class="panel panel-default">
            <div class="panel-heading">Look UP!</div>
            <table class="table table-hover">


            </tbody>
          </table>
        </div>
      </div>

    </div>
  </div>
</div>
</div>
</div>








 <script type="text/javascript">


   function deleteEvent(uuid, name){
      if (confirm("You are about to delete \"" + uuid + "\" this can not be undone.") == true) {
        window.location.href = "printStuff2.php?" + "&delID=" + uuid;
    } 
  }




</script>


</body>
</html

您正在发送UUID,但没有引用它们,因此您的查询最终会被删除


  DELETE ... WHERE uuid=12345-6789-a0735...
                           ^---^--- numbers
                                     ^---unknown field name


根据
-
之间部分的内容,这些部分将被视为数字或字符串,这意味着您正在进行数学减法,或者指定未知/非法的字段名

您至少需要:


DELETE ... WHERE uuid='$_GET[id]'
                      ^---------^



在有人破坏你的服务器之前,你真的需要了解一下。
问题是在什么时候发生的?例如,您是否已验证delID是否已成功传递到printStuff2.php?另一方面,请注意,用于delete命令的语法对sql注入是开放的。这其中哪部分不起作用?“删除”按钮是否出现?它的点击事件有效吗?正在加载您的PHP页面吗?您得到了正确的值吗?这里发生了很多事情,“似乎什么都没用”对我们没有帮助。上面的代码是printStuff2.php的内容。我该如何防止sql注入???@JoeM:请看。另外,如果我转到
printsuff2.php?delID=uuid
,那么您的整个表都将被清空。@JoeM:这是因为您正在生成以下字符串:
DELETE FROM oneuuid,其中uuid=315d71f2-d050-41e4-9639-f8032a2a5cc7ab
。您可能希望在字符串值周围加引号。请参见并遵循mysqli示例。另请参见类似的内容:
$result=$mysqli->query(“从oneuuid中删除,其中uuid=“”。$\u GET[delID]”)??这会返回一个空白页,好像有什么问题:(@JoeM:
“从oneuuid中删除,其中uuid=”。$\u GET['delID']。“
。注意你的引用。或者更好的是:
“从oneuuid中删除,其中uuid=”{$\u GET['delID']};