我正在尝试创建一个删除选项或按钮,用户可以在其中输入id并删除他们的约会,但目前如果他们输入任何id,它都会将其删除,我想限制用户,使他们只能删除自己的约会,而不能删除其他用户的约会。任何帮助都会很棒。这是我目前拥有的:
<?php foreach($rows as $row): ?>
<tr>
<td><?php echo htmlentities($row['id'], ENT_QUOTES, 'UTF-8'); ?></td>
<td><?php echo htmlentities($row['date'], ENT_QUOTES, 'UTF-8');
?></td>
<td><?php echo htmlentities($row['month'], ENT_QUOTES, 'UTF-8');
?></td>
<td><?php echo htmlentities($row['hour'], ENT_QUOTES, 'UTF-8');
?></td>
<td><?php echo htmlentities($row['minute'], ENT_QUOTES, 'UTF-8');
?></td>
<td><?php echo htmlentities($row['illness'], ENT_QUOTES, 'UTF-8');
?></td>
<td><a href="delete_memberapp.php?id=<?php echo $row['id']; ?>">
delete </a></td>
</tr>
<?php endforeach; ?>
</table><br />
这是的表格
<form action="delete.php" method="post">
Enter Booking reference to delete appointment : <input type="text"
name="id" required><br><br>
<input type="submit" name="delete" value="Delete appointment">
</form>
这是删除文件:
if(isset($_POST['delete']))
{
try {
$pdoConnect = new PDO("mysql:host=localhost;dbname=doctor","root","");
} catch (PDOException $exc) {
echo $exc->getMessage();
exit();
}
$id = $_POST['id'];
$pdoQuery = "DELETE FROM `booking` WHERE `id` = :id";
$pdoResult = $pdoConnect->prepare($pdoQuery);
$pdoExec = $pdoResult->execute(array(":id"=>$id));
if($pdoExec)
{
echo 'Data Deleted';
}else
{
echo 'ERROR Data Not Deleted';
}
}
表格结构:
--
-- Table structure for table `booking`
--
CREATE TABLE IF NOT EXISTS `booking` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(10) NOT NULL,
`phone` varchar(10) NOT NULL,
`date` varchar(4) NOT NULL,
`month` varchar(10) NOT NULL,
`hour` varchar(5) NOT NULL,
`minute` varchar(5) NOT NULL,
`illness` varchar(10) NOT NULL,
`call_patient` varchar(3) NOT NULL,
`username` varchar(20) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=80 ;
就像你写的那样,你可以删除任何id的行。为了确保用户只能删除他的约会,你需要添加到你的查询中:
$username = $_SESSION['user']['username'];
$pdoQuery = "DELETE FROM `booking` WHERE `id` = '$id' AND `username`= '$username' ";
我只是假设了变量和表行的名称,但一般来说,它需要像这个一样完成
编辑:
试试这个:
$id = $_POST['id'];
$username = $_SESSION['user']['username'];
$pdoQuery = "DELETE FROM `booking` WHERE `id` = :id AND `username`= :username";
$pdoResult = $pdoConnect->prepare($pdoQuery);
$pdoExec = $pdoResult->execute(array(":id"=>$id,":username"=>$username));
如果booking
表有一个包含user_id
的字段,则应将user_id
添加到where
:
$pdoQuery = "DELETE FROM `booking` WHERE `id` = :id AND user_id = %USERID%";
如果您的booking
表没有这样的字段-您必须添加它,则没有其他选项。除非您有其他表格,其中存储某个用户的预订。