如何使用带有变量的WHERE子句删除记录?

时间:2014-02-27 18:37:50

标签: php database

我有一个包含四列的表,其中一列包含用户输入的电子邮件地址。我正在尝试使用PHP / SQL从“电子邮件”列中删除电子邮件,但前提是它与用户在“removeemail”表单中输入的内容相匹配。

这是我的表格代码:

<?php
require_once("connectvars.php"); 

$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

$query = "CREATE TABLE email_list (
    id INT AUTO_INCREMENT,
    first_name VARCHAR(20),
    last_name VARCHAR(20),
    email VARCHAR(60),
    PRIMARY KEY (id) )";
...
?>

删除电子邮件表单:

<form method="post" action="removeemail.php">
     <label for="email">Email address:</label><br/>
     <input type="text" id="email" name="email" /><br/>
     <input type="submit" name="submit" value="Remove" />
</form>

我的php删除了电子邮件:

<?php
require_once('connectvars.php');

$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$email = $_POST['email'];
$query = "DELETE FROM email_list WHERE email = $email"; 

mysqli_query($dbc, $query) or die('Error querying database.');

echo 'Customer removed: ' . $email;

mysqli_close($dbc);
?>

每次尝试删除电子邮件时,由于某种原因,我都会出现或死错。 任何帮助将不胜感激!

4 个答案:

答案 0 :(得分:1)

电子邮件是字符串,因此您需要使用引号。

$query = "DELETE FROM email_list WHERE email = '$email'";

您还需要使用real_escape_string() 

 $email = mysqli_real_escape_string($dbc,$_POST['email']);

所以你的完整脚本应该是这样的:

require_once('connectvars.php');

$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

$email = mysqli_real_escape_string($dbc,$_POST['email']);
$query = "DELETE FROM email_list WHERE email = '$email'"; 

mysqli_query($dbc, $query) or die('Error querying database.');

echo 'Customer removed: ' . $email;

mysqli_close($dbc);

答案 1 :(得分:1)

更改

$email = $_POST['email'];
$query = "DELETE FROM email_list WHERE email = $email"; 


$email = mysqli_real_escape_string ($dbc, $_POST['email']);
$query = "DELETE FROM email_list WHERE email = '$email'";

字符串应该包含在查询中的单引号中,并且在查询中直接使用用户输入会使其容易受到sql注入的攻击

答案 2 :(得分:-1)

在$ email变量

周围添加撇号 
$query = "DELETE FROM email_list WHERE email = '$email'";

答案 3 :(得分:-1)

首先,您需要始终清理用户输入。最重要的是,在将其传递到数据库之前,您需要进行某种验证,并且您可能需要考虑使用预准备语句。

您收到错误的原因是因为我传递了电子邮件地址'test@test.com',您的查询将显示为:

DELETE FROM email_list WHERE email = test@test.com;

如果您想要阅读:

DELETE FROM email_list WHERE email = 'test@test.com';

在这种情况下,您可以在将$email输入查询时将其用单引号括起来。

$query = "DELETE FROM email_list WHERE email = '$email'";
相关问题
最新问题