此示例删除代码不会从数据库中删除项目

Question

这是我创建的用于删除条目MySQL数据库的示例删除代码。当我执行此代码时，显示成功消息，但条目不会从数据库中删除。记录保存跟踪在“事件”表“身份证”

<?php 
    require 'dbconnect.php'; 
    session_start(); 
    $id=$_SESSION['id']; 
    $id = "0"; 

    if (!empty($_GET['id'])) { 
     $id = $_REQUEST['id']; 
    } 

    if (!empty($_POST)) { 
     // keep track post values 
     $id = $_POST['id']; 

     // delete data 


     $sql="DELETE * FROM events WHERE events.id='$id'"; //mysqli query 
     $result=mysqli_query($conn,$sql); //connection string and mysqli query variable 


    if($result==true) 
      { 
    echo "<script type='text/javascript'>alert('successfully DELETED!')</script>"; // javascript message for Successful delete 
    echo "<script>setTimeout(\"location.href = 'list_events.php';\",15);</script>"; // return page 

      } 
      else 
      { 
    echo "<script type='text/javascript'>alert('failed to DELETE RETRY!')</script>"; //failed to delete message 
    echo "<script>setTimeout(\"location.href = 'list_events.php';\",15);</script>"; //return page 
      } 
      header("Location: list_events.php"); // header page 

     } 
    ?> 

Answer 1

使用DELETE FROM代替DELETE * FROM，你可以用下面的命令以提高安全性：

$sql="DELETE FROM events WHERE events.id=?"; 
$stmt = $mysqli->prepare($sql); 
$stmt->bind_param('d',$id); 
/* execute prepared statement */ 
$result = $stmt->execute(); 

Answer 2

主键可以使用此

$sql="DELETE FROM events WHERE events.id='{$id}'"; //mysqli query 

为了安全起见。 检查您是否在$ id中获得某些值，并且它也存在于数据库中。