
HTTP delete request to MySQL with a user ID variable


PHP
Cats萌萌 2022-10-14 15:52:54
Hello, I am trying to delete a record from a table in a MySQL database using a WHERE clause. This is what I have so far, but it does not work and I am not sure what to do. Is there a way to make this work? I have included my delete method and the PHP file code.

My URL -

    deleteCompletedGoal = ("http://10.0.2.2/deleteCompletedGoalAddress.php?user_goal_id=" + completed_goalID);

My code -

    private void deleteNonActiveGoal() {
        try {
            URL url = new URL(deleteCompletedGoal);
            HttpURLConnection http = (HttpURLConnection) url.openConnection();
            http.setRequestMethod("POST");
            http.setRequestProperty("X-HTTP-Method-Override", "DELETE");
            http.setDoInput(true);
            http.setDoOutput(true);

            OutputStream ops = http.getOutputStream();
            BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(ops, "UTF-8"));
            String data = URLEncoder.encode("user_goal_id", "UTF-8") + "=" + URLEncoder.encode(completed_goalID, "UTF-8") + "&&";
            writer.write(data);
            writer.flush();
            writer.close();
            ops.close();

            InputStream ips = http.getInputStream();
            BufferedReader reader = new BufferedReader(new InputStreamReader(ips, "ISO-8859-1"));
            String line;
            while ((line = reader.readLine()) != null) {
                result += line;
            }
            reader.close();
            ips.close();
            http.disconnect();
        }
        catch (MalformedURLException e) {
            result = e.getMessage();
        } catch (IOException e) {
            result = e.getMessage();
        }
    }

PHP file:

    <?php
    require "connection.php";

    $completed_goalID=$_POST["user_goal_id"];

    $mysql_qry = "DELETE from user_goals WHERE user_goal_id ='$completed_goalID'";

    if($conn->query($mysql_qry) === TRUE) {
        echo "delete successful";
    }
    else {
        echo "delete failed";
    }

    $conn->close();
    ?>

2 answers

阿波罗的战车

Contributed 1862 experience points, received more than 6 likes

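Since you are sending the variable in the query string, you would use GET rather than POST. Change:

    $completed_goalID=$_POST["user_goal_id"];

to:

    $completed_goalID=$_GET["user_goal_id"];

Warning

Little Bobby says your script is at risk of SQL injection attacks. Learn about prepared statements for MySQLi. Even escaping the string is not safe!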


2022-10-14
慕森王

Contributed 1777 experience points, received more than 3 likes

Use $_GET to read variables that come from the URL, for example:

    $completed_goalID=$_GET["user_goal_id"];

Change the query to prevent SQL attacks (reference), for example:

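    <?php
    require "connection.php";

    // The ID is sent in the query string, so read it from $_GET
    $completed_goalID = $_GET["user_goal_id"];

    // Prepared statement: the ID is bound as a parameter, not concatenated into the SQL
    $mysql_qry = $conn->prepare("DELETE from user_goals WHERE user_goal_id=?");
    // 'i' binds the value as an integer
    $mysql_qry->bind_param('i', $completed_goalID);

    if ($mysql_qry->execute() === TRUE) {
        echo "delete successful";
    } else {
        echo "delete failed";
    }

    $mysql_qry->close();
    $conn->close();
    ?>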


2022-10-14
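A stricter version of the delete script that the two answers arrive at, as an added example that is not part of the original thread. It assumes `connection.php` defines `$conn` as a mysqli connection, as in the question; the HTTP status codes and response strings other than "delete successful" and "delete failed" are choices made for this example.

```php
<?php
// Added example (not from the original thread). Assumes connection.php
// defines $conn as a mysqli connection, as in the question's script.
require "connection.php";

// Make mysqli throw exceptions instead of failing silently with false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// The client in the question sends POST with X-HTTP-Method-Override: DELETE.
// Reject anything else so a plain GET (followed link, crawler) cannot delete data.
$override = $_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'] ?? '';
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || strcasecmp($override, 'DELETE') !== 0) {
    http_response_code(405);
    exit("method not allowed");
}

// The ID arrives in the query string (?user_goal_id=...). Accept only a
// positive integer: filter_input() returns false for input such as
// "7 OR 1=1" and null when the parameter is missing.
$goalId = filter_input(INPUT_GET, 'user_goal_id', FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]);
if ($goalId === null || $goalId === false) {
    http_response_code(400);
    exit("invalid user_goal_id");
}

try {
    // The value is bound as an integer and never concatenated into the SQL text.
    $stmt = $conn->prepare("DELETE FROM user_goals WHERE user_goal_id = ?");
    $stmt->bind_param('i', $goalId);
    $stmt->execute();
    $deleted = $stmt->affected_rows;   // 0 means no row had that ID
    $stmt->close();
} catch (mysqli_sql_exception $e) {
    error_log("goal delete failed: " . $e->getMessage());  // details stay server-side
    http_response_code(500);
    exit("delete failed");
}
$conn->close();

// execute() succeeding does not mean a row was removed; report that separately.
if ($deleted === 0) {
    http_response_code(404);
    exit("no such goal");
}
echo "delete successful";
```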