使用get url php字符串删除数据 [英] Delete data using get url php string

问题描述

我创建了一个名为delete.php

具有以下代码

<?php

require_once("database.php");
$con = mysql_connect($config["db_server"],$config["db_user"],$config["db_pass"]);
mysql_select_db($config['db_name'], $con);


// The SQL statement that deletes the record
$strSQL = "DELETE FROM records WHERE record_id = 1";
mysql_query($strSQL);

// Close the database connection
mysql_close();
?>

现在，如果我转到http://www.domain.com/delete.php 这将删除表记录中带有1的记录ID.

Now if I goto http://www.domain.com/delete.php which will will delete record id with 1 in table records.

我如何使用php字符串，所以当我进入http://www.domain.com/delete.php?del?=25 它会删除record_id 25?

How do I use php string so when I go to http://www.domain.com/delete.php?del?=25 it deletes record_id 25?

谢谢.

推荐答案

您将使用

You would use the $_GET superglobal to capture the passed variable.

$deleteId = $_GET['del'];
$strSQL = "DELETE FROM records WHERE record_id = $deleteId";

但是，这是不安全且错误的.不要使用此代码！

However, this is insecure and wrong. Do not use this code!

您将需要停止使用mysql_函数(不建议使用)和使用准备好的语句来帮助防止SQL注入.

You will need to stop using mysql_ functions (they are deprecated) and use prepared statements to help prevent SQL injection.

如评论中所述，由于网络蜘蛛可能存在问题，因此不建议使用此方法. 本文讨论了该问题，并

As mentioned in the comments, this method is not suggested due to possible issues with web spiders. This article discusses that issue and this question discusses the best practices.

这篇关于使用get url php字符串删除数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！