PHP / MySQL的 - 如何自动生成一个已经自动生成的表中的行的删除链接? [英] PHP/MySQL - how to auto generate delete link for a row in an already auto generated table?

查看:94
本文介绍了PHP / MySQL的 - 如何自动生成一个已经自动生成的表中的行的删除链接?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个PHP脚本,它读取数据库表并将所有行插入HTML表格,直到它显示所有可用的行,如下所示: 

  require_once( 'dbconnect.php'); 
 
 $ sql = 
选择
 ID,网站,类型,请求,报价,
 PO,CAD,MCS,DFP,
 SIM,先决条件,Design,Report,Delivered 
 FROM Predictions; 
 
 $ result = $ conn-> query($ sql); 
 
 if($ result-> num_rows> 0){
 echo'< table class =table table-hover table-condensed>'; 
 
 while($ row = $ result-> fetch_assoc()){
 echo 
'< tbody>'。 
'< tr>'。 
'< td>'。$ row ['ID']。'< / td>'。 
'< td>'。$ row ['Site']。'< / td>'。 
'< td>'。$ row ['Type']。'< / td>'。 
'< td>'。$ row ['Requested']。'< / td>'。 
'< td>'。$ row ['Quote']。'< / td>'。 
'< td>'。$ row ['PO']。'< / td>'。 
'< td>'。$ row ['CADs']。'< / td>'。 
'< td>'。$ row ['MCS']。'< / td>'。 
'< td>'。$ row ['DFP']。'< / td>'。 
'< td>'。$ row ['SIM']。'< / td>'。 
'< td>'。$ row ['Prereqs']。'< / td>'。 
'< td>'。$ row ['Design']。'< / td>'。 
'< td>'。$ row ['Report']。'< / td>'。 
'< td>'。$ row ['Delivered']。'< / td>'。 
'< td>'。 
'< a href =#>'。 
'< span class =edit>< i class =fa fa-pencil>< / i>< / span>'。 
'< / a> | < a href =#>'。 
'< span class =delete>< i class =fa fa-times>< / i>< / span>'。 
'< / a>'。 
'< / td>'。 
'< / tr>'。 
'< / tbody>'; 
} 
 
 echo< / table>; 
} 
 else 
 echo0 results; 
 
 $ conn-> close();

这一切都正常,但现在我想拥有本质上是删除按钮(您可以看到上面的标记会创建图标/链接),该标记将自动填充以与mysql数据库表的适当ID相对应。 表格中的图片表达了我要去的视觉想法。



到目前为止,我的删除脚本在下面,但我不知道应该在WHERE id =中放置什么,或者一旦设置正确后如何将它合并到我的第一个脚本中。 

 <?php 
 require_once('dbconnect.php'); 
 
 $ sql =DELETE FROM Predictions WHERE id =; 
 
 if($ conn-> query($ sql)=== TRUE)
 echoItem deleted successfully; 
 else 
回显错误删除记录;。 $ conn->误差; 
 
 $ conn-> close();

所以基本上我需要建议来修改这两个脚本,以便删除链接(或表单,I不关心)在第一个脚本中生成,然后应用第二个脚本并知道要使用的相应ID。在我寻找解决这个问题的过程中,我看到了一些使用_GET的潜在解决方案,但在同一个线程中,其他人说这实际上是一个非常糟糕和不安全的解决方案..所以我非常困惑!



我正在学习PHP,而且我只在这里工作了大约2天,所以请怜悯:)

解决方案

更改此

 < a href ='#'>< span class = '删除' > 
  

 < a href ='deletepage.php?id =。$ row [ID]。'>< span class ='delete'>

然后在deletepage.php中,无论您打算如何调用该页面, p> 

  require_once('dbconnect.php'); 
 $ id =(int)$ _ GET ['id']; 
 $ sql =DELETE FROM Predictions WHERE id =。 $ ID; 
 if($ conn-> query($ sql)=== TRUE){
 echoItem deleted successfully; 
} else {
 echo删除记录时出错;。 $ conn->误差; 
} 
 $ conn-> close();

我不知道您在这里使用的驱动程序,但首选的解决方案是使用准备好的语句使用参数化查询。



几乎所有您通过 GET 来发送 id / code>参数到你的删除页面。该页面接受该值,将其转换为 int 以避免SQL注入(在下面进一步阅读),然后删除数据。您也可以使用标题来将它们重定向到上一页,而不是回应成功。您可以将 GET 参数附加到该网址,以显示成功消息。 (或者你可以在同一页面上完成所有这些操作,并检查是否正在发送 id )。



你也应该有一个安全的登录系统背后的这个网页。您不希望任何用户/机器人能够执行 deletepage.php



如何防止SQL注入PHP?
http://php.net/manual/en/security.database.sql-injection.php
https://www.owasp .org / index.php / SQL_Injection_Prevention_Cheat_Sheet#Defense_Option_1:_Prepared_Statements_.28Parameterized_Queries.29

我猜你正在使用 mysqli 因此,请查看此文档以获取该驱动程序的准备语句, http://php.net/manual/cn/mysqli.quickstart.prepa red-statements.php


I have a PHP script that reads a database table and inserts all the rows into an HTML table until it's displayed all available rows as shown here: 

require_once('dbconnect.php');

$sql = 
  "SELECT 
      ID, Site, Type, Requested, Quote,
      PO, CADs, MCS, DFP,
      SIM, Prereqs, Design, Report, Delivered 
    FROM Predictions";

$result = $conn->query($sql);

if ($result->num_rows > 0) {
  echo '<table class="table table-hover table-condensed">';

  while($row = $result->fetch_assoc()) {
    echo
      '<tbody>'.
        '<tr>'.
          '<td>'.$row['ID'].'</td>'.
          '<td>'.$row['Site'].'</td>'.
          '<td>'.$row['Type'].'</td>'.
          '<td>'.$row['Requested'].'</td>'.
          '<td>'.$row['Quote'].'</td>'.
          '<td>'.$row['PO'].'</td>'.
          '<td>'.$row['CADs'].'</td>'.
          '<td>'.$row['MCS'].'</td>'.
          '<td>'.$row['DFP'].'</td>'.
          '<td>'.$row['SIM'].'</td>'.
          '<td>'.$row['Prereqs'].'</td>'.
          '<td>'.$row['Design'].'</td>'.
          '<td>'.$row['Report'].'</td>'.
          '<td>'.$row['Delivered'].'</td>'.
          '<td>'.
            '<a href="#">'.
              '<span class="edit"><i class="fa fa-pencil"></i></span>'.
            '</a> | <a href="#">'.
              '<span class="delete"><i class="fa fa-times"></i></span>'.
            '</a>'.
          '</td>'.
        '</tr>'.
      '</tbody>';
  }

  echo "</table>";
}
else
  echo "0 results";

$conn->close();

That all works fine, but now I want to have what is essentially a delete button (you can see the markup above that creates the icon/link) that will populate automatically to correspond with the appropriate ID for the mysql database table. Image of table for visual idea of what I'm going for.

My delete script so far is below, but I have no idea what to put in the "WHERE id=", or how to incorporate it into my first script once it's setup properly. 

<?php
require_once('dbconnect.php');

$sql = "DELETE FROM Predictions WHERE id=";

if($conn->query($sql) === TRUE)
  echo "Item deleted successfully";
else
  echo "Error deleting record; ". $conn->error;

$conn->close();

So basically I need advice to modify both of these scripts so that a delete link (or form, I don't care) is generated in the first script then applies the second script and it knows the corresponding id to use. In my search to solve this problem I saw some potential solutions using _GET, but in the same thread others said that is in fact a very bad and insecure solution.. so I'm very confused!

I'm learning PHP as I go, and I've only been going at it for about 2 days, so please have mercy :)

解决方案

Change this

<a href='#'><span class='delete'>

to 

<a href='deletepage.php?id=" . $row["ID"] . "'><span class='delete'>

then on "deletepage.php", whatever you are going to call that page do something like

require_once('dbconnect.php');
$id = (int)$_GET['id'];
$sql = "DELETE FROM Predictions WHERE id=" . $id;    
if($conn->query($sql) === TRUE) {
    echo "Item deleted successfully";
} else {
    echo "Error deleting record; ". $conn->error;
}
$conn->close();

I don't know what driver you are using here but the preferred solution would be using a prepared statement with a parameterized query.

So pretty much you send the id via a GET parameter to your "delete page". That page takes that value, casts it to an int to avoid SQL injections (read further below), and then deletes the data. You also could instead of echoing a success there use a header to redirect them to the previous page. You could append a GET parameter to that url display a success message. (or you could always do all this on the same page and just check if the id is being sent).

Also you should have this page behind someone secure login system. You don't want any user/bot able to execute that deletepage.php.

How can I prevent SQL injection in PHP?
http://php.net/manual/en/security.database.sql-injection.php
https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet#Defense_Option_1:_Prepared_Statements_.28Parameterized_Queries.29

I'm guessing you are using mysqli so take a look at this doc for prepared statements with that driver, http://php.net/manual/en/mysqli.quickstart.prepared-statements.php.

这篇关于PHP / MySQL的 - 如何自动生成一个已经自动生成的表中的行的删除链接?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
PHP最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆