0

我正在尝试使用 php 的 PDO 对象从 mySQL 表中删除与一对条件匹配的所有行。我不知道为什么它不起作用:

//This deletes all comments for a given post;
//Querying database for existent comments on that post;
$this->query = $this->db->query(
"SELECT cid 
FROM comments
WHERE id = '$html_data->id' AND pid = '$html_data->pid'"
);
//Fetching results into an array;
$this->rows = $this->query->fetchAll(PDO::FETCH_ASSOC);
//Deleting each comment on that post;
foreach ($this->rows as $this->row) {
    $this->db->exec(
    "DELETE from comments 
    WHERE cid = '$this->row['cid']'"
    );
};
//Deleting the post itself;
$this->db->exec(
"DELETE from posts 
WHERE id = '$html_data->id' AND pid = '$html_data->pid'"
);

//Deleting the post itself有效,但foreach循环内的部分由于某种原因不起作用。为了调试,我在循环中添加了以下内容:

echo "WHERE cid = '{$this->row['cid']}'";

它按预期返回:

WHERE cid = '1'
WHERE cid = '2'

因此,正在获取的数据不是问题。我也试过

WHERE id = '$html_data->id' AND pid = '$html_data->pid' AND cid = '$this->row['cid']'"

而不是只使用cidand 它也没有工作。回声它返回,如预期的那样:

WHERE id = '1' AND pid = '1' AND cid = '1'
WHERE id = '1' AND pid = '1' AND cid = '2'

是的,我检查了comments表格,id并且pidcid要删除的表格与正在回显的表格相匹配。

4

2 回答 2

2

所以解决这个问题的更好的方法是使用准备好的语句并让变量远离查询。这样,您既可以解决此问题,也可以修复您现在遇到的安全问题(SQL 注入)......

这是您的代码转换为有效的准备语句:

$stmt= $this->db->prepare(
    "SELECT cid 
    FROM comments
    WHERE id = ? AND pid = ?"
);
$this->query = $stmt->execute(array($html_data->id, $html_data->pid));

$this->rows = $this->query->fetchAll(PDO::FETCH_ASSOC);

$deleteStmt = $this->db->prepare(
    "DELETE from comments 
    WHERE cid = ?"
);
foreach ($this->rows as $row) {
    $deleteStmt->execute(array($row['cid']));
};

//Deleting the post itself;
$stmt = $this->db->prepare(
    "DELETE FROM posts
    WHERE id = ? AND pid = ?"
);
$stmt->execute(array($html_data->id, $html_data->pid));

但是,您可以进一步清理它。处理这个问题的最好方法是使用外键。例如,让我们创建一个从评论表pid到帖子id字段的外键。

CREATE TABLE posts (
    id   INT,
    name VARCHAR(35),
    PRIMARY KEY (`id`)
) ENGINE = InnoDB;

CREATE TABLE comments (
    id   INT,
    pid  INT,
    name VARCHAR(35),
    PRIMARY KEY (`id`),
    CONSTRAINT `posts_id`
    FOREIGN KEY `posts_id` (`pid`)
    REFERENCES `posts` (`id`)
    ON DELETE CASCADE
    ON UPDATE CASCADE
) ENGINE = InnoDB

这里的美妙之处在于你的大代码块减少到这样:

$stmt = $this->db->prepare(
    "DELETE FROM posts
    WHERE id = ? AND pid = ?"
);
$stmt->execute(array($html_data->id, $html_data->pid));

当您删除评论时,约束(外键)将自动级联删除以删除评论(因为如果没有,则会有无效的约束)...

于 2013-03-18T14:14:31.060 回答
0

它应该是

$this->db->exec(
"DELETE from comments 
WHERE cid = '$this->row[cid]'"
);

或者你也可以使用

$this->db->exec(
"DELETE from comments 
WHERE cid = '{$this->row['cid']}'"
);
于 2013-03-18T10:32:34.070 回答