duanchen1937 2015-08-14 14:41

$_GET stopped working for deleting records

For a web application I'm building, the delete user function stopped working. I didn't change anything related to this function. So I'm quite puzzled. I have PHP Console installed in Chrome (and the app). But it isn't giving any errors or warnings.

I'm using bootbox to verify if the user really should be deleted:

function delete_id(id, fullname) {
    bootbox.confirm({
        size: 'small',
        message: '<i class="glyphicon glyphicon-question-sign orange"></i>Are you sure you want to delete user "'+fullname+'"?',
        callback: function(result) {
            if(result) {
                window.location.href = '?delete_id='+id;
            } 
        }
    });
}

Then it should be passed through my PHP function:

function delete_user ($mysqli) {
    if(isset($_GET['delete_id'])) {
        $sql_name = "SELECT * FROM users WHERE uid='".$_GET['delete_id']."'";
        $result_name = $mysqli->query($sql_name);
        $row = $result_name->fetch_assoc();

        $sql_log = "DELETE FROM loginlog WHERE uid='".$row['uid']."'";
        $result_log = $mysqli->query($sql_log);

        $sql_user = "DELETE FROM users WHERE uid='".$row['uid']."'";
        $result_user = $mysqli->query($sql_user) or die(mysqli_errno($mysqli));

        $_SESSION['success'] = "User \"".$row['firstname']." ".$row['prefix']." ".$row['lastname']."\" is deleted.";
        header("location: ".BASE_PATH."/includes/views/users.php");
        exit();
    }
}

The delete_user() function is called in users.php, and this was working just fine, but now it isn't anymore. Am I overlooking something?

1 answer

  • douzhi6160 2015-08-14 15:54

    I would advise:

    function delete_user ($mysqli, $id) {
        if(isset($id)) {
            // %d formats the value as an integer, so quotes or SQL fragments never reach the query
            $sql_name = sprintf("SELECT * FROM users WHERE uid='%d'", $id);
            $result_name = $mysqli->query($sql_name);
            $row = $result_name->fetch_assoc();
            if(!$row) {
                // no user with this uid: nothing to delete
                return false;
            }
    
            // from here on the uid comes from the database row, not from the request
            $sql_log = "DELETE FROM loginlog WHERE uid='{$row['uid']}'";
            $result_log = $mysqli->query($sql_log);
    
            $sql_user = "DELETE FROM users WHERE uid='{$row['uid']}'";
            $result_user = $mysqli->query($sql_user) or die(mysqli_errno($mysqli));
    
            $_SESSION['success'] = "User \"{$row['firstname']} {$row['prefix']} {$row['lastname']}\" is deleted.";
            return true;
        } else {
            return false;
        }
    }
    

    Then you can execute:

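    // delete_id is the key the JavaScript in the question sends; $mysqli is the question's connection
    if(isset($_GET['delete_id']) && delete_user($mysqli, $_GET['delete_id'])){
        header("location: ".BASE_PATH."/includes/views/users.php");
        exit();
    }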
    

    It's always good to use best practices, even in an intranet. One rogue user or someone that thinks they know a little something, and you could lose tables or have rows fouled. ALWAYS protect your user entered data, especially from the users.

    This answer was selected by the asker as the best answer.
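
An added example, not part of the original question or answer: delete_user() written with mysqli prepared statements, so the `delete_id` value is validated as an integer and never becomes part of the SQL text. It assumes integer `uid` columns in `users` and `loginlog` as the queries above imply, the mysqlnd driver for `get_result()`, and a transactional storage engine such as InnoDB.

```php
<?php
// Added example (not from the original thread). Assumptions: integer uid
// columns, mysqlnd (for mysqli_stmt::get_result()), InnoDB tables.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

function delete_user(mysqli $mysqli, $rawId): bool
{
    // Accept only a positive integer; "", "abc" or "1' OR '1'='1" is rejected here.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }

    // Placeholders send the value separately from the statement text.
    $stmt = $mysqli->prepare('SELECT firstname, prefix, lastname FROM users WHERE uid = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    if ($row === null) {
        return false; // no such user: nothing to delete
    }

    // Remove the login log and the user together, or neither.
    $mysqli->begin_transaction();
    try {
        foreach (['DELETE FROM loginlog WHERE uid = ?', 'DELETE FROM users WHERE uid = ?'] as $sql) {
            $del = $mysqli->prepare($sql);
            $del->bind_param('i', $id);
            $del->execute();
        }
        $mysqli->commit();
    } catch (mysqli_sql_exception $e) {
        $mysqli->rollback();
        throw $e;
    }

    $_SESSION['success'] = sprintf('User "%s %s %s" is deleted.',
        $row['firstname'], $row['prefix'], $row['lastname']);
    return true;
}

// Caller in users.php, where $mysqli and BASE_PATH already exist.
// The key matches the one the JavaScript in the question sends.
if (isset($_GET['delete_id']) && delete_user($mysqli, $_GET['delete_id'])) {
    header('Location: ' . BASE_PATH . '/includes/views/users.php');
    exit();
}
```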
