PHP不会从MySQL中删除

Question

PHP代码不会使用"$ noteid"从数据库中删除项目.如果我在它的位置放一个数字,但是当我尝试使用"$ noteid"时.它不会这样做.它确实一切正确到它试图删除的程度.

这是我如何得到"$ noteid":

//javascript
function viewnote(noteid) {

  window.location = "noteview.php?noteid="  + noteid;

}

//button in body
<input type="button" value="Edit" onclick="editnote('<?= $noteid ?>')" />

这是链接到页面的代码:

<?php

$noteid = $_REQUEST['noteid'];

if (isset($_POST['delete'])){
 mysql_query("DELETE FROM notes WHERE noteid='$noteid'");
 header ('Location: index2.php');
}
?>

<body>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" style="margin:0px; pading:0px"><input type="submit" name="delete" value="Delete"></form>
</body>

---

**现在正在工作!**使其发挥作用的是一个隐藏的形式领域.

这是代码:

<?php
if (isset($_POST['delete'])){
        $nid = $_REQUEST['notenum'];
    mysql_query("DELETE FROM notes WHERE noteid='$nid'");
    header ('Location: index2.php');
}
?>

//body cody
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" style="margin:0px; pading:0px"><input type="text" name="notenum" value="<?php echo $noteid; ?>" style="display:none" /><input type="submit" name="delete" value="Delete"></form>

感谢大家的帮助!!! 这个网站现在是我最喜欢的网站.

Answer 1

你使用了很多不好的做法:

<?= $noteid ?>

所有PHP版本都不支持,请使用以下代码:

<?php echo $noteid; ?>

其次,

mysql_query("DELETE FROM notes WHERE noteid='$noteid'");

停在那儿.在编码之前了解SQL注入.我不是在开玩笑.正确的代码:

mysql_query('DELETE FROM notes WHERE noteid="'.mysql_real_escape_string($noteid).'"');

还要确保PHP变量$noteid之前存在onclick="editnote(...)" />.