我正在尝试为显示的行创建删除按钮。这些行是mysql数据库中的实际数据。
当我运行代码时,我可以启动会话,查看所有显示的数据。但是当我单击delete按钮时,数据库中的数据不会改变。
我怀疑是删除按钮的“值”。我不知道如何将该值与sql查询相关联。
任何帮助都将不胜感激。谢谢您!
<html>
<head>
<title>Delete Transaction</title>
</head>
<body>
<?php
session_start();
if (isset($_SESSION['Username'])) {
$Username=$_SESSION['Username'];
}
?>
<h2><?php echo "USER $Username LOGGED IN"; ?></h2>
<form action ="" method = "post">
<?php
$dbc=mysqli_connect('localhost','testuser','password','Project')
or die ("Could not Connect! \n");
$sql_query = "SELECT MemberID FROM Members WHERE Username = '$Username';";
$result1 = mysqli_query($dbc,$sql_query) or die ("error querying database");
if (mysqli_num_rows($result1) > 0 ) {
$row = mysqli_fetch_assoc($result1);
$mID = $row['MemberID'];
} // assigning mID as MemberID
$sql = "SELECT * FROM Sales WHERE Members_ID = '$mID' "; // Getting Members_ID in Sales Table
$result=mysqli_query($dbc,$sql) or die ("Error Querying Database");
$sql_getSalesID = "SELECT SalesID FROM Sales WHERE Members_ID ='$mID'"; // Getting SalesID
$result2 = mysqli_query($dbc,$sql_getSalesID) or die ("Error Querying Database 2");
if (mysqli_num_rows($result2) > 0 ) {
$row = mysqli_fetch_assoc($result2);
$SalesID = $row['SalesID'];
}
if (isset($_POST['SalesID']) and is_numeric($_POST['SalesID']))
{
$delete =$_POST['SalesID'];
$sql_delete="DELETE FROM Sales WHERE SalesID = '$delete'";
$result3 = mysqli_query($dbc,$sql_delete) or die ("Error Querying Database 3");
}
echo "<table>";
echo "<tr> <th> User </th> <th> Item </th> <th> Purchase Date </th> <th> Delete Option </th> </tr>";
while($row=mysqli_fetch_array($result)){
echo "<tr> <td>".$row['Members_ID']."</td>
<td>".$row['Items_ID']."</td> <td>".$row['PurchaseDate']."</td>
<td><button type='submit' name ='deleteTrans' value ='".$sql_delete."'> Delete </button></td> </tr>";
}
echo "</table>";
mysqli_close();
?>
</form>
</body>
</html>
1条答案
按热度按时间kqlmhetl1#
请参阅适合您的解决方案:删除此销售与$\u得到我还添加了一个防火墙的攻击:sql注入和xss
这样地: