PHP Delete function broken

I'm trying to get the delete function to work, but it keeps failing. I've been looking at this for hours and searching the web for answers, but nothing seems to work. The idea is that there is a button in the table that can be clicked. When clicked, it will run the delete code on the selected row.

    <?php

error_reporting(E_ALL);
ini_set("display_errors", 1);

session_start();
if (isset($_COOKIE["user_cookie"])){
    $username = $_COOKIE["user_cookie"];     
}else{
    $username = '';
}
if (isset($_GET['New'])) {  
   Cookie("Event", $_GET['New']);  
}
if (isset($_COOKIE["user_type"])){
    $userType = $_COOKIE["user_type"];     
}else{
    $userType = '';
}


include_once('config.php');
if (isset($_GET['delID']) && true){ // COOKIE HERE

  $result = $mysqli->query("DELETE FROM oneuuid WHERE uuid = " . $_GET['delID']); 
  if ($result === false){
    print("
      <script type='text/javascript'>
        alert('Failed to delete event')
      </script>
      ");
  }   
}




?>




<!DOCTYPE html>
<html lang="en">


<head>
  <title>UUID </title>  <!-- !!!!!!!!!!!!!!!!!!!!!!!!!LOOK HERE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!-->
  <meta name="viewport" content="width = device-width, initial-scale = 1.0" />
  <link href = "css/bootstrap.min.css" rel = "stylesheet">
  <link href = "css/styles.css" rel = "stylesheet">
  <link href = "loginstylesheet.css" rel = "stylesheet">
  <style type="text/css"> 

 .clickable{
      cursor: pointer; 
      cursor: hand;
    }
  .highcontrast {
      background-color: #696969;
      a, a:visited { color: white; }
    }  

  </style>
</head>






<body>
  <!--          div for toggle                             -->
  <div id="toggle" style="height:260px">
    <!--          div for toggle                             -->
        <!--/.nav-collapse -->  
 <div class="col-md-3" id="leftCol">
        <center>
          <form action = "printStuff2.php" method = "post">
            <input type = "text" name = "search" size="28" placeholder="Enter name..."/>
            <input type = "Submit" class="styled-button-8" value = "Search"/>
          </form>
        <br>
      </center>
      </div>

  <div class="container">
    <div class="row">
      <div class="col-md-9">
        <!-- Main content on page -->
        <br>






      <?php error_reporting(E_ALL); ini_set('display_errors', 1);


//search bar code.

//Establish connection
include_once('config.php');
      $mysqli = new mysqli($host,$user,$password,$db); 
      if ($mysqli->connect_error) {
        die('Error : ('. $mysqli->connect_errno .') '. $mysqli->connect_error);
      } 
//variable to store user input, which we can work with.
      if(!empty($_POST['search'])){
        $searchq = $_POST['search'];



    //SQL Query, it selects all from DB where users input is similar to, either school name, headmaster name or address
        $query = mysqli_query($mysqli, "SELECT * FROM oneuuid WHERE name LIKE '%$searchq%'") or die(mysqli_error($mysqli));
        $count = mysqli_num_rows($query);
    // if the $search contains at least one row
        print '<table class = "table table-hover">';
        print '<tr>';
        print '<th> SEARCH RESULT GENERATED </th>';
        print '</tr>';
        print '</table>';
        if ($query->num_rows > 0) {
        // output data of each row from $result

          print '<table class = "table table-hover">';


            print '<tr>';

            print'<th> UUID</th>';
            print'<th> Name</th>';  
            print' <th> Delete </th>';            
            print '</tr>';

          while($row = $query->fetch_assoc()) {

            print '<tr>';
            print '<td>'.$row["uuid"].'</td>';
            print '<td>'.$row["name"].'</td>';
            print("<td class='centered clickable' onclick='deleteEvent(\"$row[uuid]\", \"$row[name]\")'><span class='glyphicon glyphicon-remove'></span></td>");            
            print '</tr>';

          }

           print '</table>';
        }
        else {
          echo '0 results';
        }
      }    
      ?>
      <div class="container">
        <div class="col-md-9">
          <div class="panel panel-default">
            <div class="panel-heading">Look UP!</div>
            <table class="table table-hover">
              <tbody>

              </tbody>
            </table>
        </div>
      </div>

    </div>
  </div>
</div>
</div>
</div>








 <script type="text/javascript">


   function deleteEvent(uuid, name){
      if (confirm("You are about to delete \"" + uuid + "\" this can not be undone.") == true) {
        window.location.href = "printStuff2.php?" + "&delID=" + uuid;
    } 
  }




</script>


</body>
</html>

Thanks

You are sending UUIDs, but not quoting them, so your query ends up as

  DELETE ... WHERE uuid=12345-6789-a0735...
                           ^---^--- numbers
                                     ^---unknown field name

Depending on what sits between the `-` characters, those parts are treated as numbers or as strings, which means you are either doing mathematical subtraction or naming an unknown/illegal field.

At the very least you need:

DELETE ... WHERE uuid='$_GET[id]'
                      ^---------^

and you really, really, REALLY need to read up on sql injection attacks before somebody trashes your server.
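Quoting the value stops the query from parsing the UUID as arithmetic, but it still leaves the query string built from user input. The following is an added example, not code from the question or the answer above: it rewrites the delete and the name search from the question as mysqli prepared statements, so the UUID and the search term are bound as parameters instead of being spliced into the SQL. It assumes the `oneuuid` table with `uuid` and `name` columns and the `$host`, `$user`, `$password`, `$db` variables from `config.php` exactly as the question uses them; the decision to accept the delete only via POST with a session CSRF token, the `csrf` field name, and the hex-and-hyphen allowlist on the UUID are choices made here for the example.

```php
<?php
// Added example (not the asker's or the answerer's code). Assumes config.php
// defines $host, $user, $password and $db as in the question.
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors
include_once 'config.php';
$mysqli = new mysqli($host, $user, $password, $db);

// Assumption: uuid values consist of hex digits and hyphens (the answer's
// example "12345-6789-a0735..." fits). Rejecting anything else before it
// reaches the database is defence in depth; the prepared statement below is
// what actually prevents injection.
function isPlausibleUuid(string $uuid): bool
{
    return (bool) preg_match('/^[0-9a-fA-F-]{1,64}$/', $uuid);
}

// Delete one row by uuid; returns the number of rows removed (0 if none matched).
// Binding with type "s" makes this a string comparison, so a value such as
// "x' OR '1'='1" is compared literally and matches nothing instead of
// rewriting the WHERE clause.
function deleteEventByUuid(mysqli $mysqli, string $uuid): int
{
    if (!isPlausibleUuid($uuid)) {
        return 0;
    }
    $stmt = $mysqli->prepare('DELETE FROM oneuuid WHERE uuid = ?');
    $stmt->bind_param('s', $uuid);
    $stmt->execute();
    $deleted = $stmt->affected_rows;
    $stmt->close();
    return $deleted;
}

// Name search: the % wildcards are added to the bound value, not to the SQL
// text, so the statement the server parses never changes with user input.
function searchEventsByName(mysqli $mysqli, string $needle): array
{
    $stmt = $mysqli->prepare('SELECT uuid, name FROM oneuuid WHERE name LIKE ?');
    $pattern = '%' . $needle . '%';
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // get_result() needs mysqlnd
    $stmt->close();
    return $rows;
}

// Delete control as a POST form with a CSRF token rather than a GET link:
// a state-changing GET URL can be triggered by any page that embeds it in an
// <img> tag. Values are HTML-escaped so a stored name like
// <script>alert(1)</script> is displayed rather than executed.
function renderDeleteForm(string $uuid, string $csrfToken): string
{
    $u = htmlspecialchars($uuid, ENT_QUOTES, 'UTF-8');
    $t = htmlspecialchars($csrfToken, ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="printStuff2.php"'
         . ' onsubmit="return confirm(\'Delete \' + this.delID.value + \'? This cannot be undone.\');">'
         . '<input type="hidden" name="csrf" value="' . $t . '">'
         . '<input type="hidden" name="delID" value="' . $u . '">'
         . '<button type="submit" class="btn btn-link">'
         . '<span class="glyphicon glyphicon-remove"></span></button>'
         . '</form>';
}

session_start();
if (empty($_SESSION['csrf'])) {
    $_SESSION['csrf'] = bin2hex(random_bytes(32)); // per-session anti-CSRF token
}

// Only a POST carrying the session's token may delete.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delID'])) {
    if (!hash_equals($_SESSION['csrf'], (string) ($_POST['csrf'] ?? ''))) {
        http_response_code(403);
        exit('Bad CSRF token');
    }
    if (deleteEventByUuid($mysqli, (string) $_POST['delID']) === 0) {
        echo "<script>alert('Failed to delete event')</script>";
    }
}

// Search results, each row with its own delete form.
if (!empty($_POST['search'])) {
    foreach (searchEventsByName($mysqli, (string) $_POST['search']) as $row) {
        echo '<tr><td>' . htmlspecialchars($row['uuid'], ENT_QUOTES, 'UTF-8') . '</td>'
           . '<td>' . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8') . '</td>'
           . '<td>' . renderDeleteForm($row['uuid'], $_SESSION['csrf']) . '</td></tr>';
    }
}
```

With `mysqli_report` set to throw, a failed prepare or execute surfaces as an exception instead of the silent `false` the original code checks for, so "Failed to delete event" now means "no row had that uuid" rather than "the SQL was malformed". The same `bind_param` pattern applies to the `LIKE '%$searchq%'` search in the question, which is injectable for the same reason as the delete.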