我试图修改这个脚本,这样,而不是返回数据库中的所有结果,我被限制在一个小集合。
但是,当我使用POST来获取通过的搜索词时,我破坏了删除记录的能力。
我可以使用不带变量的查询或者预先设置了变量的查询,但不能使用POST命令。
。
$sql="SELECT * FROM $table WHERE name='bob'"; //deleting items works after this query
$name='bobo';
$sql="SELECT * FROM $table WHERE name='$name'"; //deleting items works after this query
$name=mysql_real_escape_string($_POST['searchterm'];
$sql="SELECT * FROM $table WHERE name='$name'"; //deleting items fails after this query
我试图查看结果集返回的内容,但似乎无法捕获查询的任何输出。
我不知道为什么使用post命令会破坏查询。
这是我修改后的代码:
<?php
$host="localhost";
$username="foo";
$password="bar";
$db_name="Alerts";
$tbl_name="SearchTermsAndContactAddress";
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$address=mysql_real_escape_string($_POST['SearchAddress']);
$sql=sprintf( "SELECT * FROM $tbl_name WHERE contactaddress = '007@gmail.com' ORDER BY searchterms ASC"); //the delete does work
$sql=sprintf( "SELECT * FROM $tbl_name WHERE contactaddress = '$address' ORDER BY searchterms ASC"); //delete doesn't work
$sql=sprintf( "SELECT * FROM $tbl_name WHERE contactaddress = '%s' ORDER BY searchterms DESC", mysql_real_escape_string($_POST['SearchAddress']) ); //this doesn't work either
$sql=sprintf( "SELECT * FROM $tbl_name WHERE contactaddress = '$_POST[SearchAddress]' ORDER BY searchterms DESC" ); // it doesn't work with this query
#$sql=sprintf( "SELECT * FROM $tbl_name ORDER BY searchterms DESC" ); //it does work with this query
echo $sql;
$result=mysql_query($sql);
$count=mysql_num_rows($result);
?>
<table width="400" border="0" cellspacing="1" cellpadding="0">
<tr>
<td><form name="form1" method="post" action="">
<table width="400" border="0" cellpadding="3" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<td bgcolor="#FFFFFF"> </td>
<td colspan="4" bgcolor="#FFFFFF"><strong>Delete multiple rows in mysql</strong> </td>
</tr>
<tr>
<td align="center" bgcolor="#FFFFFF">#</td>
<td align="center" bgcolor="#FFFFFF"><strong>Id</strong></td>
<td align="center" bgcolor="#FFFFFF"><strong>Search Term</strong></td>
<td align="center" bgcolor="#FFFFFF"><strong>Address</strong></td>
<td align="center" bgcolor="#FFFFFF"><strong>Attach Image</strong></td>
</tr>
<?php
while($rows=mysql_fetch_array($result)){
?>
<tr>
<td align="center" bgcolor="#FFFFFF"><input name="checkbox[]" type="checkbox" id="checkbox[]" value="<? echo $rows['prim_key']; ?>"></td>
<td bgcolor="#FFFFFF"><? echo $rows['prim_key']; ?></td>
<td bgcolor="#FFFFFF"><? echo $rows['searchterms']; ?></td>
<td bgcolor="#FFFFFF"><? echo $rows['contactaddress']; ?></td>
<td bgcolor="#FFFFFF"><? echo $rows['ImageAttachment']; ?></td>
</tr>
<?php
}
?>
<tr>
<td colspan="5" align="center" bgcolor="#FFFFFF"><input name="delete" type="submit" id="delete" value="Delete"></td>
</tr>
<?
//try closing and starting a new connection
/*
mysql_close();
mysql_connect("$host", "$username", "$password") or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB"); // yeah this didn't work
*/
// Check whether delete button active, start this
if ($delete) {
for ($i=0;$i<$count;$i++) {
$del_id = $checkbox[$i];
$sql = "DELETE FROM $tbl_name WHERE prim_key='$del_id'";
// $sql = "DELETE FROM $tbl_name WHERE id='10'"; //using a static query didn't solve the problem.
$result = mysql_query($sql);
}
// if successful redirect to delete_multiple.php
if ($result) {
echo $result; // this will return "Resource id #2" when it fails or it will return the # of affected rows when it succeeds
// while($row = mysql_fetch_assoc($result)) {
while ($row = mysql_fetch_array($result)) {
echo $row['num'];
echo "damn"; //this isn't being printed
}
echo "<meta http-equiv='"refresh'" content='"4;URL=delete_multiple3.php'">";
}
}
mysql_close();
?>
</table>
</form>
</td>
</tr>
</table>
我是php新手,对MySQL有一定的了解。
$sql=sprintf( "SELECT * FROM $tbl_name WHERE contactaddress = '%s' ORDER BY searchterms DESC", mysql_real_escape_string($_POST['SearchAddress']) );
如果$_POST['SearchAddress']
print_r($_POST);
运行它,看看你所期望的值是否存在,然后开始转移到@Chris已经触及的更广泛的问题。
为什么你使用sprintf但不提供任何参数(所以你真的没有做任何事情与sprintf)
:
$sql = 'SELECT * FROM `'.$tbl_name.'` WHERE contactaddress = '''.mysql_real_escape_string($_POST['SearchAddress']).''' ORDER BY searchterms ASC';
你应该看看Mysqli或PDO,因为ext/mysql库已经被弃用了。
注意:是的,我去掉了字符串中的变量解析,因为我个人不喜欢它。
编辑:我没有把你的代码读得足够深。在哪里设置$delete?你没有使用register_globals,你是…?
编辑:你想在这段代码中做什么?你像疯了一样乱扔变量,认为它们是它们不是的东西,反之亦然。你能解释一下你写这段代码的目的吗?
最后的编辑:
我理解为什么代码不能像你想的那样工作。当您第一次提交到页面时,您向它发送$_POST['SearchAddress']变量,因此第一个查询可以正确执行。但是,当您提交要删除的字段(从第一个选择查询打印的HTML中)时,您将POST到完全相同的页面。这使得$_POST['SearchAddress']为空,并填充其他$_POST变量。因为第一次SELECT查询第二次失败(返回0行),所以$count = 0,这将不会执行任何DELETE语句。你必须分开代码,或者添加:
<input type="hidden" name="SearchAddress" value="<? echo $_POST['SearchAddress']; ?>" />
在你的HTML(在表单内)。
你还依赖于全局寄存器,这是一个坏主意。这里可以找到一个例子:http://php.net/manual/en/security.globals.php