我想通过点击一个链接删除mysql数据库中的记录,但我无法完成它,我无法理解错误。 这里是我的代码无法通过PHP删除mysql记录
HTML
<a href="processCategory.php?action=delete?id=(<?php echo $id; ?>);">Delete</a>
processCategory.php
<?php
require_once '../library/config.php';
require_once '../library/functions.php';
checkUser();
$action = isset($_GET['action']) ? $_GET['action'] : '';
switch ($action) {
case 'add' :
addCategory();
break;
case 'delete' :
deleteCategory();
break;
default :
// if action is not defined or unknown
// move to main category page
header('Location: index.php');
}
function deleteCategory()
{
if (isset($_GET['id']) && (int)$_GET['id'] > 0) {
$id = (int)$_GET['id'];
} else {
header('Location: index.php');
}
// delete the products
$sql = "DELETE FROM tbl_vendors
WHERE id = $id";
dbQuery($sql);
header('Location: ../vendor');
}
?>
哪里是错误 –
[小博](http://bobby-tables.com/ )说*** [你的脚本存在SQL注入攻击风险。](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***。即使[转义字符串](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)是不安全的! –
不应该像这样:'$ sql =“DELETE FROM tbl_vendors WHERE id =”。 $ id;'??你在说什么错误? – lealceldeiro