我有一个包含四列的表,其中一列包含用户输入的电子邮件地址。我正在尝试使用PHP / SQL从“电子邮件”列中删除电子邮件,但前提是它与用户在“removeemail”表单中输入的内容相匹配。
这是我的表格代码:
<?php
require_once("connectvars.php");
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$query = "CREATE TABLE email_list (
id INT AUTO_INCREMENT,
first_name VARCHAR(20),
last_name VARCHAR(20),
email VARCHAR(60),
PRIMARY KEY (id) )";
...
?>
删除电子邮件表单:
<form method="post" action="removeemail.php">
<label for="email">Email address:</label><br/>
<input type="text" id="email" name="email" /><br/>
<input type="submit" name="submit" value="Remove" />
</form>
我的php删除了电子邮件:
<?php
require_once('connectvars.php');
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$email = $_POST['email'];
$query = "DELETE FROM email_list WHERE email = $email";
mysqli_query($dbc, $query) or die('Error querying database.');
echo 'Customer removed: ' . $email;
mysqli_close($dbc);
?>
每次尝试删除电子邮件时,由于某种原因,我都会出现或死错。 任何帮助将不胜感激!
答案 0 :(得分:1)
电子邮件是字符串,因此您需要使用引号。
$query = "DELETE FROM email_list WHERE email = '$email'";
您还需要使用real_escape_string()
$email = mysqli_real_escape_string($dbc,$_POST['email']);
所以你的完整脚本应该是这样的:
require_once('connectvars.php');
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$email = mysqli_real_escape_string($dbc,$_POST['email']);
$query = "DELETE FROM email_list WHERE email = '$email'";
mysqli_query($dbc, $query) or die('Error querying database.');
echo 'Customer removed: ' . $email;
mysqli_close($dbc);
答案 1 :(得分:1)
更改
$email = $_POST['email'];
$query = "DELETE FROM email_list WHERE email = $email";
要
$email = mysqli_real_escape_string ($dbc, $_POST['email']);
$query = "DELETE FROM email_list WHERE email = '$email'";
字符串应该包含在查询中的单引号中,并且在查询中直接使用用户输入会使其容易受到sql注入的攻击
答案 2 :(得分:-1)
在$ email变量
周围添加撇号$query = "DELETE FROM email_list WHERE email = '$email'";
答案 3 :(得分:-1)
首先,您需要始终清理用户输入。最重要的是,在将其传递到数据库之前,您需要进行某种验证,并且您可能需要考虑使用预准备语句。
您收到错误的原因是因为我传递了电子邮件地址'test@test.com',您的查询将显示为:
DELETE FROM email_list WHERE email = test@test.com;
如果您想要阅读:
DELETE FROM email_list WHERE email = 'test@test.com';
在这种情况下,您可以在将$email
输入查询时将其用单引号括起来。
$query = "DELETE FROM email_list WHERE email = '$email'";