1. 首页
  2. 问答
  3. 删除不工作

删除不工作

2015-11-05 86 views
0

我有两页,第一显示了MySQL数据库从某一特定领域的所有项目数据库条目:删除不工作

DatabaseEntries.php

<?php 
include('connect.php'); 

$result = mysqli_query($db, "SELECT * FROM names") 
    or die(mysqli_error($db)); 


echo "<table border='1' cellpadding='10'>"; 
echo "<tr> <th>Firstname</th> <th>lastname</th> <th>Email</th><th></th> "; 


while($row = mysqli_fetch_array($result)) { 

    // echo out the contents of each row into a table 

    echo "<tr>"; 
    echo '<td>' . $row['firstname'] . '</td>'; 
    echo '<td>' . $row['lastname'] . '</td>'; 
    echo '<td>' . $row['email'] . '</td>'; 
    echo '<td><a href="delete.php?email=' . $row['email'] . '">Delete</a></td>'; 
    echo "</tr>"; 

} 
?>

第二页包含删除功能:

Delete.php

<?php 

include('connect.php'); 

// check if the 'id' variable is set in URL, and check that it is valid 
if (isset($_GET['email'])) 
{ 
// get id value 
$email = $_GET['email']; 

// delete the entry 
$result = mysqli_query($db, "DELETE FROM names WHERE email=$email") 
or die(mysqli_error($db)); 

// redirect back to the view page 
header("Location: DatabaseEntries.php"); 
} 
else 
// if id isn't set, or isn't valid, redirect back to view page 
{ 
header("Location: Error.php"); 
} 

?>

我在尝试从数据库中删除项目时出现以下错误:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@gmail.com' at line 1

谁能告诉我为什么?以及如何解决它?

感谢

来源

2015-11-05 smith_05_bird

+1

;添加单引号,试试这个'DELETE FROM names WHERE email ='$ email'' –

+1

你的代码*全面打开*到** SQL注入攻击**。从技术上讲,你不控制你的SQL语句的语法,你只是执行用户发送给你的任何代码。 – David

+0

@David它在哪里打开SQL注入呢? –

回答

0

添加quotes围绕$email

DELETE FROM names WHERE email='$email'
您有在附近的删除命令** $电子邮件**错误

来源

2015-11-05 13:24:44 Samir

相关问题

 相关问题