您的位置: 首页  >  技术问答  >  $ _GET停止了删除记录的工作

$ _GET停止了删除记录的工作

分类: 技术问答 2022-03-14 17:18:48

$ _GET停止了删除记录的工作

问题描述:

For a webapplication I'm building the delete user function stopped working. I didn't change anything related to this function. So I'm quite puzzeled. I have PHP Console installed in chrome (and the app). But it isn't giving any errors or warnings.

I'm using bootbox to verify if the user really should be deleted:

function delete_id(id, fullname) {
    bootbox.confirm({
        size: 'small',
        message: '<i class="glyphicon glyphicon-question-sign orange"></i>Are you sure you want to delete user "'+fullname+'"?',
        callback: function(result) {
            if(result) {
                window.location.href = '?delete_id='+id;
            } 
        }
    });
}

Then it should be passed through my php function:

function delete_user ($mysqli) {
    if(isset($_GET['delete_id'])) {
        $sql_name = "SELECT * FROM users WHERE uid='".$_GET['delete_id']."'";
        $result_name = $mysqli->query($sql_name);
        $row = $result_name->fetch_assoc();

        $sql_log = "DELETE FROM loginlog WHERE uid='".$row['uid']."'";
        $result_log = $mysqli->query($sql_log);

        $sql_user = "DELETE FROM users WHERE uid='".$row['uid']."'";
        $result_user = $mysqli->query($sql_user) or die(mysqli_errno($mysqli));

        $_SESSION['success'] = "User \"".$row['firstname']." ".$row['prefix']." ".$row['lastname']."\" is deleted.";
        header("location: ".BASE_PATH."/includes/views/users.php");
        exit();
    }
}

the delete_user() function is called in users.php And this was working just fine, but now it isn't anymore.. Am I overlooking something?

I would advise:

function delete_user ($mysqli, $id) {
    if(isset($id)) {
        $sql_name = sprintf("SELECT * FROM users WHERE uid='%d'", $id);
        $result_name = $mysqli->query($sql_name);
        $row = $result_name->fetch_assoc();

        $sql_log = "DELETE FROM loginlog WHERE uid='{$row['uid']}'";
        $result_log = $mysqli->query($sql_log);

        $sql_user = "DELETE FROM users WHERE uid='{$row['uid']}'";
        $result_user = $mysqli->query($sql_user) or die(mysqli_errno($mysqli));

        $_SESSION['success'] = "User \"{$row['firstname']} {$row['prefix']} {$row['lastname']}\" is deleted.";
        return true;
    } else {
        return false;
    }
}

Then you can execute:

if(delete_user($sql, $_GET['id'])){
    header("location: ".BASE_PATH."/includes/views/users.php");
}

It's always good to use best practices, even in a intranet. One rouge user or someone that thinks they know a little something, and you could lose tables or have rows fowled. ALWAYS protect your user entered data, especially from the users.

相关推荐