HTTP Delete Request to MYSQL with user ID variable
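Hello, I am trying to delete a record from a table in a MYSQL database using a where clause.
This is what I have so far, but it is not working and I am not sure how to go about it. Is there a way to make this work? I have included my delete method and PHP file code.
My URL -
    deleteCompletedGoal=("http://10.0.2.2/deleteCompletedGoalAddress.php?user_goal_id="+completed_goalID);
My code -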
    private void deleteNonActiveGoal(){
        try {
            URL url = new URL(deleteCompletedGoal);
            HttpURLConnection http = (HttpURLConnection) url.openConnection();
            http.setRequestMethod("POST");
            http.setRequestProperty("X-HTTP-Method-Override", "DELETE");
            http.setDoInput(true);
            http.setDoOutput(true);
            OutputStream ops = http.getOutputStream();
            BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(ops, "UTF-8"));
            String data = URLEncoder.encode("user_goal_id", "UTF-8") + "=" + URLEncoder.encode(completed_goalID, "UTF-8") + "&&";
            writer.write(data);
            writer.flush();
            writer.close();
            ops.close();
            InputStream ips = http.getInputStream();
            BufferedReader reader = new BufferedReader(new InputStreamReader(ips, "ISO-8859-1"));
            String line;
            while ((line = reader.readLine()) != null) {
                result += line;
            }
            reader.close();
            ips.close();
            http.disconnect();
        }
        catch (MalformedURLException e) {
            result = e.getMessage();
        } catch (IOException e) {
            result = e.getMessage();
        }
    }
PHP file:
    <?php
    require "connection.php";
    $completed_goalID=$_POST["user_goal_id"];
    $mysql_qry = "DELETE from user_goals WHERE user_goal_id ='$completed_goalID'";
    if($conn->query($mysql_qry) === TRUE) {
        echo "delete successful";
    }
    else{
        echo "delete failed";
    }
    $conn->close();
    ?>
Since you are sending the variable in the query string, you would use GET instead of POST. Change:
    $completed_goalID=$_POST["user_goal_id"];
to
    $completed_goalID=$_GET["user_goal_id"];
Warning
Little Bobby says your script is at risk for SQL Injection Attacks. Learn about prepared statements for MySQLi. Even escaping the string is not safe!
Use $_GET to catch the variable from the URL, like:
    $completed_goalID=$_GET["user_goal_id"];
Change your query to prevent SQL attacks (Reference), like:
    <?php
    require "connection.php";
    $completed_goalID=$_POST["user_goal_id"];
    $mysql_qry = $conn->prepare("DELETE from user_goals WHERE user_goal_id=?");
    $mysql_qry->bind_param('i',$completed_goalID);
    if($mysql_qry->execute() === TRUE){
        echo "delete successful";
    }
    else{
        echo "delete failed";
    }
    $mysql_qry->close();
    $conn->close();
    ?>
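The parameterized delete from the answers above, extended with input validation and an affected-row check, as an added example that is not part of the original question or answers. Assumptions: PDO with an in-memory SQLite database stands in for the page's MySQLi connection so the script runs without a server, and `deleteGoal`, `countGoals`, the `title` column and the sample rows and inputs are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: validate the id, then delete with a bound parameter.
// Returns 'invalid id', 'not found' or 'delete successful'.
function deleteGoal(PDO $db, $rawId): string
{
    // Accept only a positive integer; anything else never reaches the query.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 'invalid id';
    }

    // The value travels separately from the SQL text, so it cannot alter the statement.
    $stmt = $db->prepare('DELETE FROM user_goals WHERE user_goal_id = ?');
    $stmt->bindValue(1, $id, PDO::PARAM_INT);
    $stmt->execute();

    // A successful execute() does not mean a row matched; check the row count.
    return $stmt->rowCount() === 1 ? 'delete successful' : 'not found';
}

// Helper for the demonstration: how many rows remain in the table.
function countGoals(PDO $db): int
{
    return (int) $db->query('SELECT COUNT(*) FROM user_goals')->fetchColumn();
}

// Constructed sample table (assumption: SQLite in place of MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_goals (user_goal_id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO user_goals VALUES (1, 'run'), (2, 'read'), (3, 'sleep')");

// Constructed inputs, as they would arrive in $_POST["user_goal_id"]:
// a valid id, the same id again, an unknown id, and three malformed values.
$inputs = ['2', '2', '99', 'abc', "1' OR '1'='1", null];
foreach ($inputs as $raw) {
    printf(
        "%-16s => %-17s rows left: %d\n",
        var_export($raw, true),
        deleteGoal($db, $raw),
        countGoals($db)
    );
}
```

With MySQLi as used on this page, the equivalent row check after `execute()` is the statement's `affected_rows` property.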