1. 首页
  2. 问答
  3. 无法执行删除

无法执行删除

2013-02-26 51 views
-3

请帮我查看我的代码,即时通讯工作,如删除记录。但我无法执行删除操作。我做了一个查询,以获得我的候选人的所有记录,然后每个候选人我把删除链接。如果我错了,请提供建议。继承我的代码。无法执行删除

<?php 
      $year = date("Y"); 
      if ($result = $mysqli->query("SELECT 
      tbl_position.positionName, 
      tbl_candidate.candId, 
      tbl_candidate.studId, 
      tbl_student.fname, 
      tbl_student.lname, 
      tbl_student.mname, 
      tbl_candidate.sy, 
      tbl_department.departmentName 
      FROM 
      tbl_candidate 
      Inner Join tbl_position ON tbl_candidate.positionId = tbl_position.positionId 
      Inner Join tbl_student ON tbl_candidate.studId = tbl_student.studId 
      Inner Join tbl_department ON tbl_student.departmentId = tbl_department.departmentId 
      WHERE 
      tbl_candidate.sy = '$year' 
      ORDER BY 
      tbl_candidate.positionId ASC, 
      tbl_candidate.studId ASC")) { 
      echo "<h8><strong>List of Candidates<br></strong></h8>"; 
      if ($result->num_rows > 0) 
          { 
    echo "<table width='1000' border='0'>"; 
       echo "<tr> 
    <th>Position</th><th></th><th>Student ID</th><th></th><th>Name</th> 
    <th></th><th>School Year</th><th></th><th>Department</th> 
    <th></th><th></th></tr>"; 

       while ($row = $result->fetch_object()) 
      {echo "<tr>"; 
    echo "<td align='center'>" .$row->positionName."</td>"; 
    echo "<td> &nbsp; &nbsp; &nbsp; &nbsp;</td>"; 
    echo "<td align ='center'>" . $row->studId . "</td>"; 
    echo "<td> &nbsp; &nbsp; &nbsp; &nbsp;</td>"; 
    echo "<td align ='center'>" . $row->fname . " ". $row->mname ." ". $row->lname ." </td>"; 
    echo "<td> &nbsp; &nbsp; &nbsp; &nbsp;</td>"; 
    echo "<td align='center'>" .$row->sy."</td>"; 
    echo "<td> &nbsp; &nbsp; &nbsp; &nbsp;</td>"; 
    echo "<td align='center'>" .$row->departmentName."</td>"; 
    echo "<td> &nbsp; &nbsp; &nbsp; &nbsp;</td>"; 
    echo "<td><a href='delete_cand.php?id=" . $row->candId ."'>Delete</a></td>"; 
    echo"</tr>"; 
    } 
    echo "</table>"; 
    } 
    else 
      { 
      echo "No candidates are registered!"; 
       } 
    } 
    $mysqli->close(); 
    ?>

我的继承人delete_cand.php

<?php 
    if (isset($_GET['candId'])) 
    { 
    $id = $_GET['candId']; 
      if ($stmt = $mysqli->prepare("DELETE * FROM tbl_candidate WHERE candId = ? LIMIT 1")) 
      { 
        $stmt->bind_param("i",$id);  
        $stmt->execute(); 
        $stmt->close(); 
      } 
      else 
      { 
        echo "ERROR: could not prepare SQL statement."; 
      } 
      $mysqli->close(); 
    } 
    ?>

来源

2013-02-26 Pot Pot

+0

没有'DELETE * FROM tbl'语法 - 有'DELETE FROM tbl WHERE ...'同时使用GET请求进行数据库修改实际上是非常糟糕的做法和安全漏洞。阅读有关CSRF,然后通过POST执行此类请求。 – ddinchev 2013-02-26 07:07:26

+0

@ Veseliq..thnks的意见,^ _^ – 2013-02-26 07:16:39

回答

1

您有delete_cand.php?id=链接(查询参数是id),但是你检查基于canId ... if (isset($_GET['candId'])),使代码永远不会查询字符串变量运行..

来源

2013-02-26 06:14:09 Ben

+0

请帮我修正它.. plss ... im仍然是空白。 – 2013-02-26 06:33:47

+0

真的吗?只要确保使用相同的查询字符串参数(id或canId,但不能同时使用) – Ben 2013-02-26 08:58:01

0

更改您的delete_cond.php,如下所示。

<?php 
if (isset($_GET['id'])) 
{ 
     $id = $_GET['id']; 
     $stmt = $mysqli->prepare("DELETE * FROM tbl_candidate WHERE candId = ? LIMIT 1"); 
     $stmt->bind_param("i",$id); 

    if ($stmt->execute()) 
    {       
     echo "Record Deleted"; 
     $stmt->close(); 
    } 
    else 
    { 
     echo "ERROR: could not prepare SQL statement."; 
    } 
     $mysqli->close(); 
} 
?>

并根据您的要求更改您的打印声明。

来源

2013-02-26 07:31:34 Prabu

相关问题

 相关问题