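Please help me look at my code; I'm working on deleting a record, but I can't execute the delete. I made a query to get all the records of my candidates, and then for each candidate I put a delete link. If I'm wrong, please give advice. Here's my code. Unable to execute delete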
<?php
$year = date("Y");
if ($result = $mysqli->query("SELECT
tbl_position.positionName,
tbl_candidate.candId,
tbl_candidate.studId,
tbl_student.fname,
tbl_student.lname,
tbl_student.mname,
tbl_candidate.sy,
tbl_department.departmentName
FROM
tbl_candidate
Inner Join tbl_position ON tbl_candidate.positionId = tbl_position.positionId
Inner Join tbl_student ON tbl_candidate.studId = tbl_student.studId
Inner Join tbl_department ON tbl_student.departmentId = tbl_department.departmentId
WHERE
tbl_candidate.sy = '$year'
ORDER BY
tbl_candidate.positionId ASC,
tbl_candidate.studId ASC")) {
echo "<h8><strong>List of Candidates<br></strong></h8>";
if ($result->num_rows > 0)
{
echo "<table width='1000' border='0'>";
echo "<tr>
<th>Position</th><th></th><th>Student ID</th><th></th><th>Name</th>
<th></th><th>School Year</th><th></th><th>Department</th>
<th></th><th></th></tr>";
while ($row = $result->fetch_object())
{echo "<tr>";
echo "<td align='center'>" .$row->positionName."</td>";
echo "<td> </td>";
echo "<td align ='center'>" . $row->studId . "</td>";
echo "<td> </td>";
echo "<td align ='center'>" . $row->fname . " ". $row->mname ." ". $row->lname ." </td>";
echo "<td> </td>";
echo "<td align='center'>" .$row->sy."</td>";
echo "<td> </td>";
echo "<td align='center'>" .$row->departmentName."</td>";
echo "<td> </td>";
echo "<td><a href='delete_cand.php?id=" . $row->candId ."'>Delete</a></td>";
echo"</tr>";
}
echo "</table>";
}
else
{
echo "No candidates are registered!";
}
}
$mysqli->close();
?>
Here's my delete_cand.php
<?php
if (isset($_GET['candId']))
{
$id = $_GET['candId'];
if ($stmt = $mysqli->prepare("DELETE * FROM tbl_candidate WHERE candId = ? LIMIT 1"))
{
$stmt->bind_param("i",$id);
$stmt->execute();
$stmt->close();
}
else
{
echo "ERROR: could not prepare SQL statement.";
}
$mysqli->close();
}
?>
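There is no 'DELETE * FROM tbl' syntax - there is 'DELETE FROM tbl WHERE ...'. Also, using GET requests for database modification is actually a very bad practice and a security hole. Read about CSRF, and then perform such requests via POST. – ddinchev 2013-02-26 07:07:26
@Veseliq.. thanks for the comment, ^_^ – 2013-02-26 07:16:39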
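
The comment above names two changes: the `DELETE FROM` syntax, and sending the delete as a POST request protected against CSRF. Below is a version of delete_cand.php with both applied, as an added example that is not part of the original post; it also reads the same field name (`candId`) that the form sends, whereas the posted link sends `id` and the posted handler reads `candId`. The connection settings, the session key `csrf_token` and the POST form on the listing page are assumptions.

```php
<?php
// Added example (not the asker's code): delete_cand.php accepting POST only.
// Assumptions: the listing page stores bin2hex(random_bytes(32)) in
// $_SESSION['csrf_token'] and replaces each "Delete" link with a POST form
// that sends two hidden fields, candId and csrf_token.
session_start();

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Allow: POST');
    http_response_code(405);
    exit('ERROR: deletes must be sent with POST.');
}

// Compare the submitted token with the session copy in constant time.
$expected = $_SESSION['csrf_token'] ?? '';
$token = $_POST['csrf_token'] ?? '';
if ($expected === '' || !is_string($token) || !hash_equals($expected, $token)) {
    http_response_code(403);
    exit('ERROR: invalid CSRF token.');
}

// Accept only a positive integer id.
$id = filter_input(INPUT_POST, 'candId', FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('ERROR: missing or invalid candId.');
}

// Placeholder connection settings (assumed; the post does not show them).
$mysqli = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
if ($mysqli->connect_errno) {
    http_response_code(500);
    exit('ERROR: could not connect to the database.');
}

// DELETE takes no column list: "DELETE FROM", not "DELETE * FROM".
$stmt = $mysqli->prepare('DELETE FROM tbl_candidate WHERE candId = ? LIMIT 1');
if ($stmt === false) {
    http_response_code(500);
    exit('ERROR: could not prepare SQL statement.');
}
$stmt->bind_param('i', $id);
$stmt->execute();
echo $stmt->affected_rows === 1 ? 'Candidate deleted.' : 'No such candidate.';
$stmt->close();
$mysqli->close();
```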