0

我正在尝试创建一个表单,该表单将根据用户从选项下拉列表中选择的属性删除表中的一行。出于某种原因,第一个选项 (attemptid) 是一个 int,可以工作,但其他三个(它们是 varchar)不能。我为调试脚本而设置的错误处理正在返回1or true,但有问题的行没有被删除。

帮助!我已经尝试了一切,但只是在学习 PHP,所以想象一下我错过了一些非常简单的东西。

require_once("settings.php");
$conn = @mysqli_connect($host, $user, $pass, $db);
if ($conn) {
?>
   <form method="post" action="delete_attempts.php" name="delete_attempts" id="delete_attempts" >
      <label for="deleteby">
      <p>Select an option to delete results by:</p>
      </label>
      <select name="deleteby">
      <option value="attemptid">Attempt ID</option>
      <option value="firstname">First Name</option>
      <option value="lastname">Last Name</option>
      <option value="studentid">Student ID</option>
      </select>
      <p></p>
      <input type="text" name="delvalue" placeholder="Value">
      <div>
        <input type="submit" value="Delete Record" id="submit" />
      </div>
    </form>
    <?php
    if (isset($_POST["delvalue"])) {
       // get value from form
       $delValue = trim($_POST["delvalue"]);
       echo $delValue;
        // queries to delete record
       $queryAttemptId = "DELETE FROM quizattempts WHERE attemptid = '$delValue'";
        $queryFirstName = "DELETE FROM quizattempts WHERE firstname = '$delValue'";
        $queryLastName = "DELETE FROM quizattempts WHERE lastname = '$delValue'";
        $queryStudentId = "DELETE FROM quizattempts WHERE studentid = '$delValue'";


       //select which value to search for
        if ($_POST["deleteby"] = "attemptid")   {
             // pass query to database
            $result   = mysqli_query($conn, $queryAttemptId);
        } // end delete attemptid
        else if ($_POST["deleteby"] = "firstname")   {
             // pass query to database
            $result   = mysqli_query($conn, $queryFirstName);
        } // end delete firstname
        else if ($_POST["deleteby"] = "lastname")   {
             // pass query to database
            $result   = mysqli_query($conn, $queryLastName);
        } // end delete lastname
        else if ($_POST["deleteby"] = "studentid")   {
             // pass query to database
            $result   = mysqli_query($conn, $queryStudentId);
        } // end delete student id

        echo  "this is the result $result";

        // if query is successful are found
        if ($result) {
            echo "<p>Delete operation successful</p>";
        } // end if result found
        else {
            // if no record is found in DB
            echo "<p>No records found</p>";
        } // end if no result found
    } //isset($_POST["attemptid"])
} //$conn

?>
4

1 回答 1

1 
        if ($_POST["deleteby"] = "attemptid")   {

那应该是==。您编写的代码将分配"attemptid"$_POST["deleteby"]然后返回相同的值......这总是正确的。所以你的其他else if人甚至都不会被检查。

此外,您编写的代码容易受到 SQL 注入的影响。你已经在使用 mysqli;您应该强烈考虑使用准备好的语句

于 2013-11-05T02:40:02.407 回答