您的位置: 首页  >  技术问答  >  Echo删除链接到php

Echo删除链接到php

分类: 技术问答 2022-03-07 08:42:10

Echo删除链接到php

问题描述:

I have a question regarding a delete function into php. Consindiring PHP I'm a real noob in this.

I want to make a delete link into a php loop.

This is my home.php:

while($row = $result->fetch_assoc()) {
    echo "<tr>";
    echo "<td class='info-item'>".$row["userID"]."</td>";
    echo "<td class='info-item'>".$row["userName"]." </td>";
    echo "<td class='info-item'>".$row["userLast"]."</td>";
    echo "<td class='info-item'>".$row["userDegree"]."</td>";
    echo "<td class='info-item'>".$row["userOrganization"]."</td>";
    echo "<td class='info-item'>".$row["userIndustry"]."</td>";
    echo "<td class='info-item'>".$row["userAddress-1"]."</td>";
    echo "<td class='info-item'>".$row["userAddress-1"]."</td>";
    echo "<td class='info-item'><a href='$delete'>Link</a></td>";
}

This line:

echo "<td class='info-item'><a href='$delete'>Link</a></td>";

is not working.

for $delete I use this on top of my script:

$delete = "delete.php";

It goes to delete.php that looks like this.

ob_start();
include("dbconfig.php");
if(isset($_GET['userID'])!="") {
    $delete=$_GET['userID'];
    $delete=mysql_query("DELETE FROM tbl_users WHERE userID='$delete'");
    if($delete)
        header("Location:index.php");
    else
        echo mysql_error();
}
ob_end_flush();

But nothing appears to happen regarding the delete of a certain id that I clicked.

Please help.

Your delete is not working because it is redundant and static. You should make it Dynamic by (at least) appending the user ID to the delete.php. This id would then be used to determine which record to delete...

    <?php
        while($row = $result->fetch_assoc()) {
            // GENERATE AN ID BASED URL FOR THE DELETE
            // THIS WOULD READ SOMETHING LIKE: "delete?id=1" 
            // AND THE ID WOULD BE UNIQUE ACROSS EACH ROW....
            // YOU CAN THEN USE THE ID ($_GET['userID'] TO DETERMINE WHICH USER
            // ADD userId WHICH RECORD YOU HAVE TO DELETE....
            $delete = "delete.php?userID="  . $row["userID"];
            echo "<tr>";
            echo "<td class='info-item'>"   . $row["userID"]            . "</td>";
            echo "<td class='info-item'>"   . $row["userName"]          . " </td>";
            echo "<td class='info-item'>"   . $row["userLast"]          . "</td>";
            echo "<td class='info-item'>"   . $row["userDegree"]        . "</td>";
            echo "<td class='info-item'>"   . $row["userOrganization"]  . "</td>";
            echo "<td class='info-item'>"   . $row["userIndustry"]      . "</td>";
            echo "<td class='info-item'>"   . $row["userAddress-1"]     . "</td>";
            echo "<td class='info-item'>"   . $row["userAddress-1"]     . "</td>";
            echo "<td class='info-item'><a href='{$delete}' >Delete User</a></td>";
        }

PHP:

    <?php

        // USING PDO...
        //DATABASE CONNECTION CONFIGURATION:
        defined("HOST")         or define("HOST",           "localhost");
        defined("DBASE")        or define("DBASE",          "yourDB");
        defined("USER")         or define("USER",           "root");
        defined("PASS")         or define("PASS",           "root");

        ob_start();
        if(isset($_GET['userID'])!="") {
            $userID         = $_GET['userID'];
            try {
                $dbh        = new PDO('mysql:host='.HOST.';dbname='. DBASE,USER,PASS);
                $dbh->setAttribute(PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);

                $query      = "DELETE FROM `tbl_users` WHERE userID='{$userID}'";
                $stmt       = $dbh->prepare($query);
                $deleteOK   = $stmt->execute();

                if ($deleteOK) {
                    header("Location:index.php");
                }

            }catch(PDOException $e){
                throw new Exception($e->getMessage());
            }
        }
        ob_end_flush();

You should include the user ID in the link:

echo "<td class='info-item'><a href='$delete?userID={$row["userID"]}'>Link</a></td>";

Besides, your code is prone to SQL injection and uses the mysql_* functions which will not be supported any more in the future. Replace them with functions from the mysqli or PDO classes.

When you are sending the control to another page, the $delete variable will not be passed on. So it is always better to use a query string. My best solution will be:

  • Get the ID from the database.
  • Append the ID to the link.
  • Use the $_GET to get the query string of record.

home.php code:

echo "<td class='info-item'><a href='{$delete}?userID=".$row["userID"]."'>Link</a></td>";

Now in the main delete.php:

$delete = $_GET["userID"];

Note: Your code has a lot of vulnerabilities. Do not use mysql_* functions as they are deprecated.

You are not sending userID with your url, change here.

echo "<td class='info-item'><a href='$delete?userID=".$row["userID"]."'>Link</a></td>";

Also use exit after header here

header("Location:index.php");
exit;

相关推荐