
I list a Delete link next to all $rows; when I hover over them they reflect the correct delete ID, but when I click DELETE I am redirected to phpfile.php?id=4, for example, and nothing is deleted, and no error is posted.

while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC))
{
    echo '<tr><td align="left">' .
    $row['title'] . '</td><td align="left">'
    . $row['genre'] . '</td><td align="left">'
    . $row['length'] . '</td><td align="left">'
    . $row['created'] . '</td><td align="left">'
    . $row['views'] . '</td><td align="left">'
    . "<a href='newwriter_profile.php?id={$row['upload_id']}'>Delete</a></td>" . '</tr>';
}
echo '</table>'; // Close the table

The rest of the code, which is on the same page:

if (isset($_GET['id'])) {
    // Get the ID
    $id = intval($_GET['upload_id']);

    require_once ('../mysqli_connect.php'); // Connect to the db

    $delquery = "
        DELETE
        FROM upload
        WHERE upload_id = {$id}";
    $done = @mysqli_query($dbc, $delquery); // Run the query

    if ($done) {
        // A DELETE returns no result set, so mysqli_num_rows() cannot be used here;
        // mysqli_affected_rows() reports how many rows the DELETE removed
        if (mysqli_affected_rows($dbc) == 1) {
            echo 'Record Deleted';
        }
        else {
            echo 'error - delete failed';
        }
    }
    else {
        // mysqli_error() is a function, not a variable
        echo "Error! Query failed:" . mysqli_error($dbc);
    }
    // $done is a boolean for a DELETE, so there is no result to free
    mysqli_close($dbc);
}

If I can solve this error, I'll be able to solve a similar error, except with the download function.


You are pulling $id from the non-existent $_GET['upload_id'] when you intend to use $_GET['id']. Since $_GET['upload_id'] is not set, its value is NULL, which gets interpreted as 0. Your query ends up as: DELETE FROM upload WHERE upload_id = 0

$id = intval($_GET['upload_id']);
// Should be
$id = intval($_GET['id']);

Instead of using intval(), I would suggest using more extensive bounds checking on $id. If for example, a string like "abc" were passed in ?id=abc, intval("abc") would cast it to 0 and you would pass 0 into your query. If id needs to be a positive integer, use something like:

if (ctype_digit($_GET['id'])) {
  // ok, do your query
}
else {
  // invalid input, report error to user and don't touch your database.
}

Finally, we don't see the rest of your script, but it is usually crucial when using a hyperlink to perform a delete action (or any action for that matter) that you check ownership of the row you are attempting to delete before completing the action. Make sure that the logged-in user has permission to delete the row, and if not, don't perform any database action. Otherwise, any user could pass any value into the URL to modify others' data. Suggested reading: The Spider of Doom

answered 2012-05-11T02:09:12.887
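The delete handler below puts the answer's three points together (ctype_digit bounds check, ownership check before the delete, and checking that a row was actually removed). It is an added example, not code from the question or the answer; it assumes the logged-in user's id is stored in $_SESSION['user_id'] and that the upload table has a hypothetical owner_id column, and it uses a prepared statement so $id never touches the SQL string.

```php
<?php
// Added example, not the asker's or answerer's code. Assumes: a session holding the
// logged-in user's id in $_SESSION['user_id'], and that the `upload` table has a
// hypothetical `owner_id` column recording which user created each row.
session_start();
require_once('../mysqli_connect.php'); // provides $dbc, as in the question

function delete_upload(mysqli $dbc, $raw_id, $user_id)
{
    // 1. Accept only a plain positive integer. intval("abc") would silently become 0
    //    and the query would run with WHERE upload_id = 0; ctype_digit rejects that.
    if (!is_string($raw_id) || !ctype_digit($raw_id) || $raw_id === '0') {
        return 'invalid id';
    }
    $id = (int) $raw_id;

    // 2. The ownership check is part of the DELETE itself: the row is removed only
    //    when it belongs to the logged-in user, so a guessed id for someone else's
    //    row deletes nothing. Binding the parameters keeps $id out of the SQL text.
    $stmt = mysqli_prepare($dbc, 'DELETE FROM upload WHERE upload_id = ? AND owner_id = ?');
    if (!$stmt) {
        return 'query failed: ' . mysqli_error($dbc);
    }
    mysqli_stmt_bind_param($stmt, 'ii', $id, $user_id);
    mysqli_stmt_execute($stmt);

    // 3. DELETE returns no result set, so mysqli_num_rows() is the wrong check;
    //    the affected-row count says whether a row actually went away.
    $deleted = mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);

    return $deleted === 1 ? 'Record Deleted' : 'delete failed (no such row, or not yours)';
}

// Only run when both the id and a logged-in user are present; an anonymous
// visitor never reaches the database.
if (isset($_GET['id']) && isset($_SESSION['user_id'])) {
    echo delete_upload($dbc, $_GET['id'], (int) $_SESSION['user_id']);
    mysqli_close($dbc);
}
```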