使用PHP中的复选框删除MySQL记录

I'm trying to delete MySQL records in PHP using check boxes. I echoed each line and everything seems fine. The values and formats of the variables and arrays are correct.

But when I tried to echo $delete (which is the DELETE query) using VAR_DUMP(), it displays bool(false) (which means it doesn't get the value of the variable $emailID passed to it, right?). Why?

if (isset($_POST['deleteUser']) && isset($_POST['marked_user']))
{

    $marked_user = $_POST['marked_user'];


    foreach($marked_user as $user => $emailID)
    {
        $emailID = (int)$emailID;
        $delete = $base -> query( "DELETE FROM tickets.allowed_users WHERE allowed_users.emailID = '$emailID'");

    }
        header('Location: viewTickets.php?viewType=U');
}

This is the HTML part from a separate PHP file:

echo "<form action='addUser.php' method='POST'><table class='results3' align='center' cellspacing='0'>
            <tr><th class='head' id='headleft'  width='10%'></th>
                <th class='head' id='headright' colspan='4'>E-mail</th></tr>";

            while( $row = mysqli_fetch_array($sql) )
            {
                $email = $row['email'];
                $emailID = $row['emailID'];
                echo "<tr><td width='1%' class='results'><input type='checkbox' name='marked_user[]' value='$emailID'></td>
                        <td class='results' colspan='4'>" . $row['email']."</td></tr>";
            }
                echo "<td colspan='3'><input type='submit' class='button' name='deleteUser' value='Delete'></td></form>";

And this is my table:

CREATE TABLE allowed_Users
(
 emailID INT UNSIGNED NOT NULL AUTO_INCREMENT,
 email VARCHAR(50) NOT NULL,
 PRIMARY KEY( emailID )
);
draj30958
draj30958 我编辑了我的代码并删除了INSERT语句以避免混淆,因为这些只是示例记录。我还发布了一个工作代码作为我的问题的答案。我做到了。
6 年多之前 回复
duanmu5039
duanmu5039 脚本标签不属于那里。它只是放错了地方。$base属于处理php连接的单独文件中的类。我问的代码只是我正在研究的票务系统的一部分。Block1代码就是这样。我有另一个ifisset函数在某个php文件中它所属的那个做其他事情(插入用户)并且它工作得非常好。
6 年多之前 回复
doumangzhen7204
doumangzhen7204 $base是一个合适的MySQLi对象?可以用print_r($base)查看。
6 年多之前 回复
doujiurong7210
doujiurong7210 SQL注入漏洞。使用查询绑定而不是直接插入用户提供的值,特别是删除。你能用块1提供更多代码吗?我在那里看到一个关闭脚本标签,几乎没有上下文。
6 年多之前 回复

4个回答

I think you need to concatenate a string like this:

foreach($marked_user as $user => $emailID)
    {
        $emailID = (int)$emailID;
        $delete = $base -> query( "DELETE FROM tickets.allowed_users WHERE allowed_users.emailID = " . $emailID);

    }
for ($i = 0; $i < count($_POST["marked_user"]); $i++) {
 $base -> query("DELETE FROM tickets.allowed_users WHERE allowed_users.emailID = '".$_POST["marked_user"][$i]."'");
}

Check if that works. If it does, manipulate the imput data so your code does not remain vulnerable to SQL injections.

Change this code

$delete = $base -> query( "DELETE FROM tickets.allowed_users WHERE allowed_users.emailID  = '$emailID'"); 

To

$delete = $base->query( "DELETE FROM tickets.allowed_users WHERE allowed_users.emailID = '$emailID'");
doujiao7679
doujiao7679 删除 - 和>之间的空格不会改变任何东西。 我的其他查询看起来像那样,它的工作非常好。
6 年多之前 回复

I wasn't able to make foreach work so I used for loop instead. So there. I think I can rely more on for loop.

if(isset($_POST['delete']))
{       
    for($i=0;$i<count($_POST['marked']);$i++)
    {
        $del_id=$_POST['marked'][$i];
        $delete = $base -> query( "DELETE FROM allowed_users WHERE emailID = '$del_id'");   
    }
    header('Location: viewTickets.php?viewType=U');
}
dqp21271
dqp21271 根据对问题的评论,此代码不安全,可能允许匿名用户的任意查询在您的数据库上运行。 至少,使用这个漏洞彻底清空这个桌子是微不足道的。
大约 6 年之前 回复
Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问