我在Android项目中使用php脚本从数据库中删除一个lign。以下是php文件内容:
<?php
$pseudo = $_POST['pseudo'];
define('HOST','localhost');
define('USER','root');
define('PASS','');
define('DB','ract');
$con = mysqli_connect(HOST,USER,PASS,DB);
$sql = "DELETE from utilisateur where pseudo=$pseudo";
$res = mysqli_query($con,$sql);
?>
我认为将pseudo与$pseudo 进行比较的主要问题
看在上帝的份上,保护您的查询不受SQL注入的影响:
$sql = "DELETE from utilisateur where pseudo = '".mysqli_real_escape_string($con, $pseudo)."'";
$sql = "DELETE from utilisateur where pseudo = '$pseudo'";