最受欢迎

使用pdo-php从登录的用户详细信息中删除行

Delete row from logged in user details using pdo php

本文关键字:详细信息 删除行 用户 pdo-php 登录 使用 | 更新日期: 2023-09-27

我正在尝试创建一个删除选项或按钮,用户可以在其中输入id并删除他们的约会,但目前如果他们输入任何id,它都会将其删除,我想限制用户,使他们只能删除自己的约会,而不能删除其他用户的约会。任何帮助都会很棒。这是我目前拥有的:

   <?php foreach($rows as $row): ?>
    <tr>
    <td><?php echo htmlentities($row['id'], ENT_QUOTES, 'UTF-8'); ?></td>
    <td><?php echo htmlentities($row['date'], ENT_QUOTES, 'UTF-8');  
    ?></td>
   <td><?php echo htmlentities($row['month'], ENT_QUOTES, 'UTF-8');  
   ?></td>
    <td><?php echo htmlentities($row['hour'], ENT_QUOTES, 'UTF-8'); 
    ?></td>
   <td><?php echo htmlentities($row['minute'], ENT_QUOTES, 'UTF-8'); 
    ?></td>
    <td><?php echo htmlentities($row['illness'], ENT_QUOTES, 'UTF-8'); 
    ?></td>
    <td><a href="delete_memberapp.php?id=<?php echo $row['id']; ?>"> 
   delete </a></td>
    </tr>
   <?php endforeach; ?>
   </table><br />

这是的表格

     <form action="delete.php" method="post">
      Enter Booking reference to delete appointment : <input type="text" 
      name="id" required><br><br>
      <input type="submit" name="delete" value="Delete appointment">
    </form>

这是删除文件:

      if(isset($_POST['delete']))
     {
     try {
    $pdoConnect = new PDO("mysql:host=localhost;dbname=doctor","root","");
   } catch (PDOException $exc) {
    echo $exc->getMessage();
    exit();
    }

     $id = $_POST['id'];

    $pdoQuery = "DELETE FROM `booking` WHERE `id` = :id";
    $pdoResult = $pdoConnect->prepare($pdoQuery);
      $pdoExec = $pdoResult->execute(array(":id"=>$id));
      if($pdoExec)
       {
       echo 'Data Deleted';
       }else
       {
    echo 'ERROR Data Not Deleted';
      }
    }

表格结构:

   --
   -- Table structure for table `booking`
          --
   CREATE TABLE IF NOT EXISTS `booking` (
   `id` int(11) NOT NULL AUTO_INCREMENT,
   `name` varchar(10) NOT NULL,
  `phone` varchar(10) NOT NULL,
  `date` varchar(4) NOT NULL,
  `month` varchar(10) NOT NULL,
   `hour` varchar(5) NOT NULL,
  `minute` varchar(5) NOT NULL,
  `illness` varchar(10) NOT NULL,
  `call_patient` varchar(3) NOT NULL,
  `username` varchar(20) NOT NULL,
   PRIMARY KEY (`id`)
   ) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=80 ;

就像你写的那样,你可以删除任何id的行。为了确保用户只能删除他的约会,你需要添加到你的查询中:

$username = $_SESSION['user']['username'];
$pdoQuery = "DELETE FROM `booking` WHERE `id` = '$id' AND `username`= '$username' ";

我只是假设了变量和表行的名称,但一般来说,它需要像这个一样完成

编辑:

试试这个:

$id = $_POST['id'];
$username = $_SESSION['user']['username'];
$pdoQuery = "DELETE FROM `booking` WHERE `id` = :id AND `username`= :username";
$pdoResult = $pdoConnect->prepare($pdoQuery);
$pdoExec = $pdoResult->execute(array(":id"=>$id,":username"=>$username));

如果booking表有一个包含user_id的字段,则应将user_id添加到where:

$pdoQuery = "DELETE FROM `booking` WHERE `id` = :id AND user_id = %USERID%";

如果您的booking表没有这样的字段-您必须添加它,则没有其他选项。除非您有其他表格,其中存储某个用户的预订。

相关文章:
最新更新
www.56WenDa.com 2012-2023 | php问答网 | php学习