$_GET 停止工作以删除记录
$_GET stopped working for deleting records
对于我正在构建的网络应用程序,删除用户功能已停止工作。我没有更改与此功能相关的任何内容。所以我很纳闷。
我在 chrome(和应用程序)中安装了 PHP 控制台。但它没有给出任何错误或警告。
我正在使用 bootbox 来验证用户是否真的应该被删除:
function delete_id(id, fullname) {
bootbox.confirm({
size: 'small',
message: '<i class="glyphicon glyphicon-question-sign orange"></i>Are you sure you want to delete user "'+fullname+'"?',
callback: function(result) {
if(result) {
window.location.href = '?delete_id='+id;
}
}
});
}
然后应该通过我的php函数传递:
function delete_user ($mysqli) {
if(isset($_GET['delete_id'])) {
$sql_name = "SELECT * FROM users WHERE uid='".$_GET['delete_id']."'";
$result_name = $mysqli->query($sql_name);
$row = $result_name->fetch_assoc();
$sql_log = "DELETE FROM loginlog WHERE uid='".$row['uid']."'";
$result_log = $mysqli->query($sql_log);
$sql_user = "DELETE FROM users WHERE uid='".$row['uid']."'";
$result_user = $mysqli->query($sql_user) or die(mysqli_errno($mysqli));
$_SESSION['success'] = "User \"".$row['firstname']." ".$row['prefix']." ".$row['lastname']."\" is deleted.";
header("location: ".BASE_PATH."/includes/views/users.php");
exit();
}
}
在 users.php 中调用了 delete_user() 函数
这工作得很好,但现在不行了。我是不是忽略了什么?
我会建议:
function delete_user ($mysqli, $id) {
if(isset($id)) {
$sql_name = sprintf("SELECT * FROM users WHERE uid='%d'", $id);
$result_name = $mysqli->query($sql_name);
$row = $result_name->fetch_assoc();
$sql_log = "DELETE FROM loginlog WHERE uid='{$row['uid']}'";
$result_log = $mysqli->query($sql_log);
$sql_user = "DELETE FROM users WHERE uid='{$row['uid']}'";
$result_user = $mysqli->query($sql_user) or die(mysqli_errno($mysqli));
$_SESSION['success'] = "User \"{$row['firstname']} {$row['prefix']} {$row['lastname']}\" is deleted.";
return true;
} else {
return false;
}
}
然后可以执行:
if(delete_user($sql, $_GET['id'])){
header("location: ".BASE_PATH."/includes/views/users.php");
}
使用最佳实践总是好的,即使是在 Intranet 中也是如此。一个 rouge 用户或自认为知道一点的人,您可能会丢失表格或弄乱行。始终保护您的用户输入的数据,尤其是防止用户输入的数据。
对于我正在构建的网络应用程序,删除用户功能已停止工作。我没有更改与此功能相关的任何内容。所以我很纳闷。 我在 chrome(和应用程序)中安装了 PHP 控制台。但它没有给出任何错误或警告。
我正在使用 bootbox 来验证用户是否真的应该被删除:
function delete_id(id, fullname) {
bootbox.confirm({
size: 'small',
message: '<i class="glyphicon glyphicon-question-sign orange"></i>Are you sure you want to delete user "'+fullname+'"?',
callback: function(result) {
if(result) {
window.location.href = '?delete_id='+id;
}
}
});
}
然后应该通过我的php函数传递:
function delete_user ($mysqli) {
if(isset($_GET['delete_id'])) {
$sql_name = "SELECT * FROM users WHERE uid='".$_GET['delete_id']."'";
$result_name = $mysqli->query($sql_name);
$row = $result_name->fetch_assoc();
$sql_log = "DELETE FROM loginlog WHERE uid='".$row['uid']."'";
$result_log = $mysqli->query($sql_log);
$sql_user = "DELETE FROM users WHERE uid='".$row['uid']."'";
$result_user = $mysqli->query($sql_user) or die(mysqli_errno($mysqli));
$_SESSION['success'] = "User \"".$row['firstname']." ".$row['prefix']." ".$row['lastname']."\" is deleted.";
header("location: ".BASE_PATH."/includes/views/users.php");
exit();
}
}
在 users.php 中调用了 delete_user() 函数
这工作得很好,但现在不行了。我是不是忽略了什么?
我会建议:
function delete_user ($mysqli, $id) {
if(isset($id)) {
$sql_name = sprintf("SELECT * FROM users WHERE uid='%d'", $id);
$result_name = $mysqli->query($sql_name);
$row = $result_name->fetch_assoc();
$sql_log = "DELETE FROM loginlog WHERE uid='{$row['uid']}'";
$result_log = $mysqli->query($sql_log);
$sql_user = "DELETE FROM users WHERE uid='{$row['uid']}'";
$result_user = $mysqli->query($sql_user) or die(mysqli_errno($mysqli));
$_SESSION['success'] = "User \"{$row['firstname']} {$row['prefix']} {$row['lastname']}\" is deleted.";
return true;
} else {
return false;
}
}
然后可以执行:
if(delete_user($sql, $_GET['id'])){
header("location: ".BASE_PATH."/includes/views/users.php");
}
使用最佳实践总是好的,即使是在 Intranet 中也是如此。一个 rouge 用户或自认为知道一点的人,您可能会丢失表格或弄乱行。始终保护您的用户输入的数据,尤其是防止用户输入的数据。