问题描述
我正在研究评论系统和我创建了一个页面,管理员可以删除评论.我已经对所有内容进行了编码似乎是正确的,但我不知道为什么它根本不起作用...
I am working on a comment system & I created a page that admins can be able to delete comments. I have coded everything & it seems to be right but I don't know why it's not working at all...
这是管理员页面的代码:
Here's the code to the admins page:
<html>
<head>
<title>Admins Page</title>
</head>
<body>
<?php
function getCM(){
global $con;
$get_comment = "select * from product_comments where type='0'";
$run_comment = mysqli_query($con, $get_comment);
while($row_comment = mysqli_fetch_array($run_comment)){
$cmid = $row_comment["id"];
$cmcode = $row_comment["productcode"];
$cmemail = $row_comment["email"];
$cmname= $row_comment["name"];
$cmcomment = $row_comment["comment"];
$cmdate = $row_comment["modified_date"];
$cmtime = $row_comment["modified_time"];
$cmtype = $row_comment["type"];
echo "
<div class='container'>
<div id='table' class='table-editable'>
<span class='table-add glyphicon glyphicon-plus'></span>
<table class='table'>
<tr>
<th>Comment ID #$cmid</th>
</tr>
<tr>
<td contenteditable='true'>$cmcomment</td>
<td>
<span class='table-remove glyphicon glyphicon-remove'></span>
</td>
<td>
<a href='delete.php?id=$cmid'>Delete</a>
</td>
</tr>
</div>
";
}
}
?>
</body>
</html>
这是delete.php页面的代码:
And here's the code to delete.php page:
<?php
session_start();
if (!isset($_SESSION["manager"])) {
header("location: admin_login.php");
exit();
}
require '../php_includes/init/db_conx.php';
require '../functions/func.php';
if (isset($_GET['cmid'])){
$comment_id = $_GET['cmid'];
mysqli_query("DELETE FROM product_comments WHERE id='$comment_id'") or die(mysql_error());
echo "<script>alert('Comment has been deleted!')</script>";
header("Location: product_comments.php");
}
?>
如果您知道我的问题,请告诉我...
Please if you know what's my problem please let me know that...
推荐答案
这里有些错误.
您没有连接到查询mysqli_query("DELETE...
该函数需要传递数据库连接参数.
That function requires a database connection parameter be passed.
然后mysql_error()
将该mysql_
函数不与自己的API混合使用,请使用mysqli_error($con)
,并假定已成功连接mysqli_
和$con
作为其变量.
Then mysql_error()
that mysql_
function does not mix with anything other than its own API, use mysqli_error($con)
, assuming a successful connection with mysqli_
and $con
as its variable.
您当前的代码已开放给 SQL注入 .使用 mysqli_*
具有准备好的语句 或 PDO 和 准备好的声明 .
Your present code is open to SQL injection. Use mysqli_*
with prepared statements, or PDO with prepared statements.
在PHP方面:
向其中添加 错误报告 文件顶部,这将有助于查找错误.
Add error reporting to the top of your file(s) which will help find errors.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// rest of your code
边注:显示错误只能在登台中进行,而绝不能用于生产.
Sidenote: Displaying errors should only be done in staging, and never production.
您的代码中的其他地方应该有错误.
should there be errors elsewhere in your code.
在您的代码的这一部分中:
which there is, in this part of your code:
echo "<script>alert('Comment has been deleted!')</script>";
header("Location: product_comments.php");
您要在标头之前输出,并且需要删除回显并为标头添加exit;
.
You are outputting before header, and need to remove the echo and adding exit;
for the header.
然后这样:
<a href='delete.php?id=$cmid'>Delete</a>
您正在使用?id
并引用$_GET['cmid']
数组.
You are using ?id
and referencing the $_GET['cmid']
array.
关于"id"的那部分^被称为教人如何钓鱼"..
That bit ^ about the "id" is called "Teach a person HOW to fish".
脚注:
- 我不知道您在哪里以及如何调用
getCM()
函数.
这篇关于为什么删除查询在PHP中不起作用?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!