HTTP delete request to MySQL with a user ID variable

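Hello, I am trying to delete a record from a table in a MySQL database using a where clause. This is what I have so far, but it is not working and I don't know what to do. Is there a way to make this work? I have included my delete method and the PHP file code.

My URL -

    deleteCompletedGoal=("http://10.0.2.2/deleteCompletedGoalAddress.php?user_goal_id="+completed_goalID);

My code -
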
    private void deleteNonActiveGoal(){
        try {
            URL url = new URL(deleteCompletedGoal);
            HttpURLConnection http = (HttpURLConnection) url.openConnection();
            http.setRequestMethod("POST");
            http.setRequestProperty("X-HTTP-Method-Override", "DELETE");
            http.setDoInput(true);
            http.setDoOutput(true);

            OutputStream ops = http.getOutputStream();
            BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(ops, "UTF-8"));
            String data = URLEncoder.encode("user_goal_id", "UTF-8") + "=" + URLEncoder.encode(completed_goalID, "UTF-8") + "&&";

            writer.write(data);
            writer.flush();
            writer.close();
            ops.close();

            InputStream ips = http.getInputStream();
            BufferedReader reader = new BufferedReader(new InputStreamReader(ips, "ISO-8859-1"));

            String line;
            while ((line = reader.readLine()) != null) {
                result += line;
            }
            reader.close();
            ips.close();
            http.disconnect();
        }
        catch (MalformedURLException e) {
            result = e.getMessage();
        } catch (IOException e) {
            result = e.getMessage();
        }
    }

PHP file:

    <?php
    require "connection.php";

    $completed_goalID=$_POST["user_goal_id"];

    $mysql_qry = "DELETE from user_goals WHERE user_goal_id ='$completed_goalID'";

    if($conn->query($mysql_qry) === TRUE) {
        echo "delete successful";
    }
    else{
        echo "delete failed";
    }
    $conn->close();
    ?>


Cats萌萌
92 views, 2 answers
2 Answers

阿波罗的战车

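Since you are sending the variable in the query string, you would use GET instead of POST. Change:

    $completed_goalID=$_POST["user_goal_id"];

to

    $completed_goalID=$_GET["user_goal_id"];

Warning: Little Bobby says your script is at risk for SQL injection attacks. Learn about prepared statements for MySQLi. Even escaping the string is not safe!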

慕森王

Use $_GET to get the variable from the URL, for example:

    $completed_goalID=$_GET["user_goal_id"];

Change the query to prevent SQL attacks (reference), for example:

    <?php
        require "connection.php";
        $completed_goalID=$_POST["user_goal_id"];
        $mysql_qry = $conn->prepare("DELETE from user_goals WHERE user_goal_id=?");
        $mysql_qry->bind_param('i',$completed_goalID);
        if($mysql_qry->execute() === TRUE){
            echo "delete successful";
        }
        else{
            echo "delete failed";
        }
        $mysql_qry->close();
        $conn->close();
    ?>
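
An added example, not part of either answer or of the original post: the question's interpolated DELETE beside a bound-parameter version that also reports how many rows were removed. It assumes PDO with an in-memory SQLite database in place of the MySQL connection from `connection.php`; the function names, table rows and input values are constructed for illustration.

```php
<?php
// Added example. Constructed table and inputs; in-memory SQLite via PDO is an
// assumption that stands in for the MySQL connection from connection.php.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_goals (user_goal_id INTEGER PRIMARY KEY, goal TEXT)');
$db->exec("INSERT INTO user_goals VALUES (1, 'run 5k'), (2, 'read a book'), (3, 'learn SQL')");

// "Before": the question's query, with the request value pasted into the SQL text.
function deleteInterpolated(PDO $db, string $id): int
{
    return $db->exec("DELETE from user_goals WHERE user_goal_id ='$id'");
}

// "After": accept only a positive integer, bind it as a parameter, and return
// the number of rows actually deleted (-1 means the input was rejected).
function deleteBound(PDO $db, string $id): int
{
    $goalId = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($goalId === false) {
        return -1;
    }
    $stmt = $db->prepare('DELETE FROM user_goals WHERE user_goal_id = ?');
    $stmt->bindValue(1, $goalId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

function rowsLeft(PDO $db): int
{
    return (int) $db->query('SELECT COUNT(*) FROM user_goals')->fetchColumn();
}

$crafted = "2' OR '1'='1"; // constructed value that rewrites the WHERE clause

// Interpolated query, inside a transaction that is rolled back afterwards.
$db->beginTransaction();
printf("interpolated, crafted id: %d row(s) deleted\n", deleteInterpolated($db, $crafted));
$db->rollBack();

// Bound query: crafted value, an id with no matching row, then a real id.
foreach ([$crafted, '99', '2'] as $id) {
    printf("bound, id %-14s => %d, rows left: %d\n", "\"$id\"", deleteBound($db, $id), rowsLeft($db));
}
```

With the mysqli code from the answer, `$mysql_qry->affected_rows` read after `execute()` gives the same count; `execute()` returns true even when no row matched, so "delete successful" alone does not confirm that a record was removed.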