使用get url php字符串删除数据 [英] Delete data using get url php string
问题描述
我创建了一个名为delete.php
具有以下代码
<?php
require_once("database.php");
$con = mysql_connect($config["db_server"],$config["db_user"],$config["db_pass"]);
mysql_select_db($config['db_name'], $con);
// The SQL statement that deletes the record
$strSQL = "DELETE FROM records WHERE record_id = 1";
mysql_query($strSQL);
// Close the database connection
mysql_close();
?>
现在,如果我转到http://www.domain.com/delete.php
这将删除表记录中带有1的记录ID.
Now if I goto http://www.domain.com/delete.php
which will will delete record id with 1 in table records.
我如何使用php字符串,所以当我进入http://www.domain.com/delete.php?del?=25
它会删除record_id
25
?
How do I use php string so when I go to http://www.domain.com/delete.php?del?=25
it deletes record_id
25
?
谢谢.
推荐答案
You would use the $_GET
superglobal to capture the passed variable.
$deleteId = $_GET['del'];
$strSQL = "DELETE FROM records WHERE record_id = $deleteId";
但是,这是不安全且错误的.不要使用此代码!
However, this is insecure and wrong. Do not use this code!
您将需要停止使用mysql_
函数(不建议使用)和使用准备好的语句来帮助防止SQL注入.
You will need to stop using mysql_
functions (they are deprecated) and use prepared statements to help prevent SQL injection.
如评论中所述,由于网络蜘蛛可能存在问题,因此不建议使用此方法. 本文讨论了该问题,并
As mentioned in the comments, this method is not suggested due to possible issues with web spiders. This article discusses that issue and this question discusses the best practices.
这篇关于使用get url php字符串删除数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!