我使用PHP方法将值发送到GET表单。当我转到URL时,链接如下所示:
http://www.url.com/getstuff.php?rid=sG94Ok5JtHQ&searcht=music&r=0
我使用以下函数来处理变量:
if (isset($_GET['rid'])) {
if($_GET['r'] == 0) {
echo $_GET['searcht'];
echo $_GET['rid'];
mysql_query('DELETE FROM flags WHERE searchText = "'.$_GET['searcht'].'" AND videoID = "'.$rid.'"');
} else
{
mysql_query('INSERT INTO removed (videoID) VALUES ("'.$_GET['rid'].'")');
mysql_query('DELETE FROM flags WHERE searchText = "'.$_GET['searcht'].'" AND videoID = "'.$rid.'"');
}
}
出于某种原因,INSERT语句在上面工作,但delete语句不起作用。当我echo mysql_error()时,我也没有得到任何东西。我确信列和表名是正确的。任何帮助将不胜感激,以帮助我使删除语句工作!谢谢!
答案 0 :(得分:2)
即使没有删除任何内容,DELETE查询也会成功。在您的代码中,您使用的$rid变量从未设置过。 是 $_GET['rid']变量,因此修复可能是将$rid分配给$_GET['rid'],例如
{
$rid = $_GET['rid'];
mysql_query('INSERT INTO removed (videoID) VALUES ("'.$_GET['rid'].'")');
mysql_query('DELETE FROM flags WHERE searchText = "'.$_GET['searcht'].'" AND videoID = "'.$rid.'"');
}
或者将$rid的所有实例更改为$_GET['rid'],例如
{
mysql_query('INSERT INTO removed (videoID) VALUES ("'.$_GET['rid'].'")');
mysql_query('DELETE FROM flags WHERE searchText = "'.$_GET['searcht'].'" AND videoID = "'.$_GET['rid'].'"');
}
此外,不推荐使用mysql_函数,您应该使用PDO / mysqli。此外,您无法在任何地方(使用intval或mysql_real_escape_string或类似情况)清理您的数据,因此您对SQL注入非常开放。
答案 1 :(得分:-1)
if (isset($_REQUEST['rid'])) {
if($_REQUEST['r'] == 0) {
echo $_REQUEST['searcht'];
echo $_REQUEST['rid'];
mysql_query('DELETE FROM `flags` WHERE `searchText` = "'.$_REQUEST['searcht'].'" AND `videoID` = "'.$_REQUEST['rid'].'"');
} else
{
mysql_query('INSERT INTO removed (videoID) VALUES ("'.$_REQUEST['rid'].'")');
mysql_query('DELETE FROM flags WHERE `searchText` = "'.$_GET['searcht'].'" AND videoID = "'.$_REQUEST['rid'].'"');
}
}
答案 2 :(得分:-2)
在delete stmt
中使用$_GET['rid']代替$rid
AND videoID = "'.$rid.'"');