I am using php / mysql and protype.js to delete record from a table. The problem is that the record in the database is not deleted.
我正在使用php / mysql和protype。从表中删除记录。问题是数据库中的记录没有被删除。
index.php:
index . php:
<a href="javascript: deleteId('<?php echo $studentVo->id?>')">Delete</a></td>
Script is
脚本
function deleteId(id)
{
alert("ID : "+id);
new Ajax.Request('delete.php?action=Delete&id='+id,{method:'post'});
$(id).remove(); // because <tr id='".$row[id]."'> :)
}
delete.php
delete.php
<?php
/* Database connection */
include('configuration.php');
echo "hello,...";
if(isset($_POST['id'])){
$ID = $_POST['id'];
$sql = 'DELETE FROM student where id="'.$ID.'"';
mysql_query($sql);
}
else { echo '0'; }
?>
alert("ID : "+id); is working properly but the code after that is not.
alert(" ID:“+身份证);正在正常工作,但之后的代码不是。
3 个解决方案
#1
9
You are using a GET request, from JS :
您正在使用来自JS的GET请求:
{method:'get'}
And your PHP code uses data he thinks arrives as POST :
你的PHP代码使用他认为以POST的形式到达的数据:
$ID = $_POST['id'];
You should use the same method on both sides.
你应该在两边都使用相同的方法。
(As you are modifying / deleting data, you should probably use POST)
(在修改/删除数据时,您可能应该使用POST)
As a sidenote, you should definitly escape/protected/check the data you are using in the SQL query, to avoid SQL injections, using, for instance, intval as you are working with an integer ; you'd use mysql_real_escape_string if you were working with a string.
作为sidenote,您应该明确地转义/protected/检查SQL查询中使用的数据,以避免SQL注入,例如在处理整数时使用intval;如果使用的是字符串,就应该使用mysql_real_escape_string。
Another way would be to stop using the old mysql extension, and start using mysli or PDO, which means you could use prepared statements (mysqli, pdo)
另一种方法是停止使用旧的mysql扩展,开始使用mysli或PDO,这意味着可以使用准备语句(mysqli, PDO)
EDIT after the comment : you also, now that the request is made in POST, need to change the way parameters are passed : they should not be passed in the URL anymore.
在注释之后进行编辑:您还可以在POST中发出请求,需要更改传递参数的方式:它们不应该在URL中传递。
I suppose that something like this should work :
我想这样的东西应该是有用的:
var myAjax = new Ajax.Request(
'delete.php',
{
method: 'post',
parameters: {action: id}
});
Or you could also use something like this, building the parameters string yourself :
或者你也可以用这样的方法,自己构建参数字符串:
var myAjax = new Ajax.Request(
'delete.php',
{
method: 'post',
parameters: 'action=' + id
});
(Not tested, so you might have to change a few things ;-) )
(没有经过测试,所以您可能需要更改一些东西;-)
For more informations, take a look at Ajax.Request and Ajax options :-)
有关更多信息,请查看Ajax。请求和Ajax选项:
#2
0
It seems like your ajax request is using GET but your delete script is trying to retrieve the id via POST. Try setting {method:'get'} to {method:'post'}.
看起来您的ajax请求正在使用GET,但是您的delete脚本正在尝试通过POST检索id。尝试设置{方法:'get'}{方法:'post'}。
#3
0
Change delete.php like this:
修改删除。php是这样的:
<?php
/* Database connection */
include('configuration.php');
echo "hello,...";
if(isset($_GET['id'])){
$ID = $_GET['id'];
$sql = 'DELETE FROM student where id="'.$ID.'"';
mysql_query($sql);
}
else { echo '0'; }
?>
Or alternatively you cold use $_REQUEST instead of $_GET (or $_POST in the first example) as it aggregates $_GET and $_POST arrays.
或者也可以使用$_REQUEST而不是$_GET(或第一个示例中的$_POST),因为它聚合$_GET和$_POST数组。
#1
9
You are using a GET request, from JS :
您正在使用来自JS的GET请求:
{method:'get'}
And your PHP code uses data he thinks arrives as POST :
你的PHP代码使用他认为以POST的形式到达的数据:
$ID = $_POST['id'];
You should use the same method on both sides.
你应该在两边都使用相同的方法。
(As you are modifying / deleting data, you should probably use POST)
(在修改/删除数据时,您可能应该使用POST)
As a sidenote, you should definitly escape/protected/check the data you are using in the SQL query, to avoid SQL injections, using, for instance, intval as you are working with an integer ; you'd use mysql_real_escape_string if you were working with a string.
作为sidenote,您应该明确地转义/protected/检查SQL查询中使用的数据,以避免SQL注入,例如在处理整数时使用intval;如果使用的是字符串,就应该使用mysql_real_escape_string。
Another way would be to stop using the old mysql extension, and start using mysli or PDO, which means you could use prepared statements (mysqli, pdo)
另一种方法是停止使用旧的mysql扩展,开始使用mysli或PDO,这意味着可以使用准备语句(mysqli, PDO)
EDIT after the comment : you also, now that the request is made in POST, need to change the way parameters are passed : they should not be passed in the URL anymore.
在注释之后进行编辑:您还可以在POST中发出请求,需要更改传递参数的方式:它们不应该在URL中传递。
I suppose that something like this should work :
我想这样的东西应该是有用的:
var myAjax = new Ajax.Request(
'delete.php',
{
method: 'post',
parameters: {action: id}
});
Or you could also use something like this, building the parameters string yourself :
或者你也可以用这样的方法,自己构建参数字符串:
var myAjax = new Ajax.Request(
'delete.php',
{
method: 'post',
parameters: 'action=' + id
});
(Not tested, so you might have to change a few things ;-) )
(没有经过测试,所以您可能需要更改一些东西;-)
For more informations, take a look at Ajax.Request and Ajax options :-)
有关更多信息,请查看Ajax。请求和Ajax选项:
#2
0
It seems like your ajax request is using GET but your delete script is trying to retrieve the id via POST. Try setting {method:'get'} to {method:'post'}.
看起来您的ajax请求正在使用GET,但是您的delete脚本正在尝试通过POST检索id。尝试设置{方法:'get'}{方法:'post'}。
#3
0
Change delete.php like this:
修改删除。php是这样的:
<?php
/* Database connection */
include('configuration.php');
echo "hello,...";
if(isset($_GET['id'])){
$ID = $_GET['id'];
$sql = 'DELETE FROM student where id="'.$ID.'"';
mysql_query($sql);
}
else { echo '0'; }
?>
Or alternatively you cold use $_REQUEST instead of $_GET (or $_POST in the first example) as it aggregates $_GET and $_POST arrays.
或者也可以使用$_REQUEST而不是$_GET(或第一个示例中的$_POST),因为它聚合$_GET和$_POST数组。