$_GET删除记录停止工作

$_GET stopped working for deleting records

本文关键字:记录 停止工作 删除 GET      更新时间:2023-09-26

对于一个web应用程序,我正在构建删除用户功能停止工作。我没有改变任何与这个函数相关的东西。所以我很困惑。我有PHP控制台安装在chrome(和应用程序)。但是它没有给出任何错误或警告。

我正在使用bootbox来验证用户是否真的应该被删除:

function delete_id(id, fullname) {
    bootbox.confirm({
        size: 'small',
        message: '<i class="glyphicon glyphicon-question-sign orange"></i>Are you sure you want to delete user "'+fullname+'"?',
        callback: function(result) {
            if(result) {
                window.location.href = '?delete_id='+id;
            } 
        }
    });
}

然后它应该通过php函数传递:

function delete_user ($mysqli) {
    if(isset($_GET['delete_id'])) {
        $sql_name = "SELECT * FROM users WHERE uid='".$_GET['delete_id']."'";
        $result_name = $mysqli->query($sql_name);
        $row = $result_name->fetch_assoc();
        $sql_log = "DELETE FROM loginlog WHERE uid='".$row['uid']."'";
        $result_log = $mysqli->query($sql_log);
        $sql_user = "DELETE FROM users WHERE uid='".$row['uid']."'";
        $result_user = $mysqli->query($sql_user) or die(mysqli_errno($mysqli));
        $_SESSION['success'] = "User '"".$row['firstname']." ".$row['prefix']." ".$row['lastname']."'" is deleted.";
        header("location: ".BASE_PATH."/includes/views/users.php");
        exit();
    }
}

users.php中调用delete_user()函数这工作很好,但现在它不再…我是不是忽略了什么?

我建议:

function delete_user ($mysqli, $id) {
    if(isset($id)) {
        $sql_name = sprintf("SELECT * FROM users WHERE uid='%d'", $id);
        $result_name = $mysqli->query($sql_name);
        $row = $result_name->fetch_assoc();
        $sql_log = "DELETE FROM loginlog WHERE uid='{$row['uid']}'";
        $result_log = $mysqli->query($sql_log);
        $sql_user = "DELETE FROM users WHERE uid='{$row['uid']}'";
        $result_user = $mysqli->query($sql_user) or die(mysqli_errno($mysqli));
        $_SESSION['success'] = "User '"{$row['firstname']} {$row['prefix']} {$row['lastname']}'" is deleted.";
        return true;
    } else {
        return false;
    }
}

则可以执行:

if(delete_user($sql, $_GET['id'])){
    header("location: ".BASE_PATH."/includes/views/users.php");
}

使用最佳实践总是好的,即使在内部网中。如果有一个用户或者某个自认为知道一些事情的人,那么您可能会丢失一些表或者损坏一些行。永远保护你的用户输入的数据,特别是从用户。

相关文章: