对于一个网络应用程序,我正在构建的删除用户功能停止工作。我没有更改与此功能相关的任何内容。所以我很纳闷。 我在 Chrome(和应用程序)中安装了 PHP 控制台。但它没有给出任何错误或警告。
我正在使用 bootbox 来验证用户是否确实应该被删除:
function delete_id(id, fullname) {
bootbox.confirm({
size: 'small',
message: '<i class="glyphicon glyphicon-question-sign orange"></i>Are you sure you want to delete user "'+fullname+'"?',
callback: function(result) {
if(result) {
window.location.href = '?delete_id='+id;
}
}
});
}
然后它应该通过我的 php 函数传递:
function delete_user ($mysqli) {
if(isset($_GET['delete_id'])) {
$sql_name = "SELECT * FROM users WHERE uid='".$_GET['delete_id']."'";
$result_name = $mysqli->query($sql_name);
$row = $result_name->fetch_assoc();
$sql_log = "DELETE FROM loginlog WHERE uid='".$row['uid']."'";
$result_log = $mysqli->query($sql_log);
$sql_user = "DELETE FROM users WHERE uid='".$row['uid']."'";
$result_user = $mysqli->query($sql_user) or die(mysqli_errno($mysqli));
$_SESSION['success'] = "User \"".$row['firstname']." ".$row['prefix']." ".$row['lastname']."\" is deleted.";
header("location: ".BASE_PATH."/includes/views/users.php");
exit();
}
}
在users.php
中调用delete_user()
函数
这工作得很好,但现在不行了..我忽略了什么吗?
最佳答案
我建议:
function delete_user ($mysqli, $id) {
if(isset($id)) {
$sql_name = sprintf("SELECT * FROM users WHERE uid='%d'", $id);
$result_name = $mysqli->query($sql_name);
$row = $result_name->fetch_assoc();
$sql_log = "DELETE FROM loginlog WHERE uid='{$row['uid']}'";
$result_log = $mysqli->query($sql_log);
$sql_user = "DELETE FROM users WHERE uid='{$row['uid']}'";
$result_user = $mysqli->query($sql_user) or die(mysqli_errno($mysqli));
$_SESSION['success'] = "User \"{$row['firstname']} {$row['prefix']} {$row['lastname']}\" is deleted.";
return true;
} else {
return false;
}
}
然后就可以执行:
if(delete_user($sql, $_GET['id'])){
header("location: ".BASE_PATH."/includes/views/users.php");
}
即使在 Intranet 中,使用最佳实践总是好的。一个胭脂用户或自认为知道一点东西的人,你可能会丢失表或行被抓。始终保护用户输入的数据,尤其是用户输入的数据。
关于javascript - $_GET 停止用于删除记录,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/32012731/