删除MySQLi记录而不在URL中显示ID [英] Delete MySQLi record without showing the id in the URL
问题描述
我正在尝试通过数据库ID删除数据库中的记录.该代码可以正常工作,但问题是URL中出现了ID,据我所知这是不安全的.
I'm trying to delete records from the DB by their ID. The code works as it should but the problem is the ID is coming up in the URL, which from my knowledge it's unsafe.
URL:" http://localhost/Project/includes/delete.php?id = 27 "
我已经使用准备好的语句删除了记录,但是问题出在按钮上.我已经使用其他方法来确保它安全了吗?
I have used prepared statement to delete the records but the problem comes from the button. IS there any other approach to the one I'm already using to make it safe?
这是代码:
while($row = $result->fetch_assoc()) {
echo '<tr>';
echo '<td>' . $row['row1'] . '</td>';
echo '<td>' . $row['row2'] . '</td>';
echo '<td>' . $row['row3'] . '</td>';
echo '<td><a href="delete.php?id=' . $row['id'] . '">Delete</a></td>';
echo '</tr>';
}
if (isset($_GET['id']) && is_numeric($_GET['id'])) {
$id = $_GET['id'];
if ($stmt = $mysqli->prepare("DELETE FROM table WHERE id = ? LIMIT 1")) {
$stmt->bind_param("i", $id);
$stmt->execute();
printf("Affected rows (DELETE): %d\n", $mysqli->affected_rows);
$stmt->close();
}
}
基本上,我希望每当用户单击行以删除记录而不是使用按钮时,都使整个行都可单击.但是,我面临的最大挑战是如何不在URL中显示其ID.
Basically I'd like to the make the whole row clickable, whenever the user clicks on the row to delete the records, rather than using the buttons. However, my big challenge is how not to show its ID in the URL.
我们非常感谢您的帮助.
Any help is highly appreciated.
谢谢
推荐答案
在$_SESSION
中设置Id
,您可以在页面之间传递它.
Set the Id
in $_SESSION
and you can pass it between pages.
OR
您可以使用Ajax完成
You can do it with ajax
while($row = $result->fetch_assoc()) {
echo '<tr class=\"deleted\">';
echo '<td>' . $row['row1'] . '</td>';
echo '<td>' . $row['row2'] . '</td>';
echo '<td>' . $row['row3'] . '</td>';
echo '<td><a href="#" id="'. $row['id'] .'" class=\"delete\">Delete</a></td>';
echo '</tr>';
}
在上述代码所在的页面中添加此脚本;
Add this script in page where above code is located ;
<script type="text/javascript">
$(function() {
$(".delete").click(function(){
var element = $(this);
var del_id = element.attr("id");
var info = 'id=' + del_id;
if(confirm("Are you sure you want to delete this?")){
$.ajax({
type: "POST",
url: "delete.php",
data: info,
success: function(){
}
});
$(this).parents(".deleted").hide(500);
}
return false;
});
});
</script>
在根目录中创建一个delete.php,就像
create a delete.php in root and it will be like
<?php
//Add your database connection first here
if (isset($_POST['id']) && is_numeric($_POST['id'])) {
$id = $_POST['id'];
if ($stmt = $mysqli->prepare("DELETE FROM table WHERE id = ? LIMIT 1")) {
$stmt->bind_param("i", $id);
$stmt->execute();
//Set if condition here to check and show response
if ($stmt) {
echo "<font color='red'>Record Deleted Successful</font>";
} else {
echo "<font color='red'>Error While Trying To Delete Record, Please Try Again</font>";
}
//printf("Affected rows (DELETE): %d\n", $mysqli->affected_rows);
$stmt->close();
}
}
?>
使用Ajax,您的页面将不会刷新,并且数据将从数据库中删除,并且已删除的行将对用户隐藏
With Ajax, your page won't be refreshed and data will be deleted from database and deleted row will be hidden from user
这篇关于删除MySQLi记录而不在URL中显示ID的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!