>我正在尝试解决从mysql中删除记录的问题,请参阅代码
<?php
$dbcs = new mysqli("localhost", "root", "password", "database-name");
// Check connection
if (mysqli_connect_errno($dbcs))
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$product_list = "";
$sql = "SELECT * FROM product ORDER BY product_id DESC";
$result=mysqli_query($dbcs,$sql);
while($row = mysqli_fetch_array($result)){
$product_id = $row["product_id"];
$product_name = $row["product_name"];
$product_category = $row["product_category"];
$product_retail_price = $row["product_retail_price"];
$product_price = $row["product_price"];
$product_detail = $row["product_detail"];
$product_image = $row["screenshot"];
$screenshot = $row["screenshot"];
$product_list .= '<table width="80%" border="1">
<tr>
<td width="172" valign="top"> echo <img src="' . GW_UPLOADPATH . $screenshot .'" width="111" height="149" alt="<?php echo $product_name; ?>" /><br /><a href="../product_images/<?php echo $product_id; ?>.jpg">View Full Size Image</a></td>
<td width="85" class="product-text">' . $product_id . '</td>
<td width="402" class="product-text">' . $product_name . '</td>
<td width="108" align="center" class="product-text">' . $product_price . '</td>
<td width="34" align="center" class="product-text"><a href="edit_product.php?pid=' . $product_id . '">Edit</a></td>
<td width="56" align="center" class="product-text"><a href="product.php?deleteid=' . $product_id . '">Delete </a></td>
<td width="56" align="center" class="product-text"><a href="view_product.php?pid=' . $product_id . '">View</a></td>
</tr>
</table> ';
}
if (empty($product_list)) {
$product_list = "You have no product listed in your data yet";
}
mysqli_close($dbcs);
?>
然后这是针对 PHP 删除代码的
<?php
///////////////////////////////////////////////////////////////////////////
// Delete Item Question to Admin, and Delete Product if they choose
///////////////////////////////////////////////////////////////////////////
if (isset($_GET['deleteid'])) {
echo 'Do you really want to delete product with ID of ' . $_GET['deleteid'] . '? <a href="product.php?yesdelete=' . $_GET['deleteid'] . '">Yes</a> | <a href="product.php">No</a>';
exit();
}
if (isset($_GET['yesdelete'])) {
//////////////////////////////////////////////////////////
// remove item from system and delete its picture
// delete from database
//////////////////////////////////////////////////////////
$id_to_delete = $_GET['yesdelete'];
$sql ("DELETE FROM product WHERE product_id='$id_to_delete' LIMIT 1") or die (mysql_error());
/////////////////////////////////////////////////////////////
// unlink the image from server
// Remove The Pic -------------------------------------------
/////////////////////////////////////////////////////////////
$pictodelete = ("../product_images/$id_to_delete.jpg");
if (file_exists($pictodelete)) {
unlink($pictodelete);
}
header("location: product.php");
exit();
}
?>
当我运行它以选择项目并通过按删除并按是删除时,我收到错误说
Fatal error: Call to undefined function SELECT * FROM product ORDER BY product_id DESC() in C:'VertrigoServ'www'shopone'admin'data'product.php on line 131
他的意思是什么,怎么能解决呢!是
拼写错误:
$sql ("DELETE FROM ...
^---missing =
而且您容易受到SQL注入攻击。在了解问题以及如何避免它之前,不要使用此代码。
首先,您将字符串保存到变量$sql
...
$sql = "SELECT * FROM product ORDER BY product_id DESC";
。然后调用一个函数,其名称在变量 $sql
中表示。
$sql ("DELETE FROM product WHERE product_id='$id_to_delete' LIMIT 1")
您正在使用变量作为函数。我猜你想使用函数mysqli_query()
.
你正在使用$sql
类似的函数,所以 PHP 正在尝试用它的名字来执行函数。
您必须使用 mysql_query()
来要求查询。
还要考虑迁移到 PDO
,这比弃用的mysql_*
要好(prepared statements
也值得学习)。
编辑:当时这太长了,无法发表评论,我今天添加了一些其他细节。
-
mysql_error()
不会与mysqli_ API 混合。它需要读作mysqli_error($dbcs)
.
我使用您的源代码在自己的Web服务器上创建了一个表,并得出以下结论。
但首先,如果您的删除文件/函数位于单独的文件中,那么您将需要该文件中的数据库连接凭据,否则它将不起作用,除非您将其作为包含或全局设置。
在您的情况下,它将类似于:
$dbcs = new mysqli("localhost", "root", "password", "database-name");
mysqli_query($dbcs,"DELETE FROM product WHERE product_id='$id_to_delete' LIMIT 1") or die (mysqli_error($dbcs));
取代:
$sql ("DELETE FROM product WHERE product_id='$id_to_delete' LIMIT 1") or die (mysqli_error($dbcs));
跟:
mysqli_query($sql,"DELETE FROM product WHERE product_id='$id_to_delete' LIMIT 1") or die (mysqli_error($dbcs));
或者在您的情况下,它可能是:
mysqli_query($dbcs,"DELETE FROM product WHERE product_id='$id_to_delete' LIMIT 1") or die (mysqli_error($dbcs));
但是,这是对SQL注入开放的。为此,最好使用准备好的语句。
- https://en.wikipedia.org/wiki/Prepared_statement
但是,如果$id_to_delete
始终是整数,则可以使用它(int)
。
即:
$id_to_delete = (int)$_GET['yesdelete'];