PHP删除脚本,返回“viewsubjects.php?classroom_id=NO VALUE”

发布于 2024-08-25 19:09:28 字数 788 浏览 4 评论 0原文

正如标题所述...我正在从“教室”中删除“主题”,我查看教室,然后可以单击教室来查看该教室的主题。因此,我查看主题的链接如下所示:

viewsubjects.php?classroom=23

当用户选择删除按钮(连续)从班级中删除主题时,我只是希望将用户重定向回教室的主题列表(确切地说是他们之前在哪里!!)

所以我认为这只是在我的删除脚本中调用教室 ID 的情况。这是我所拥有的:

编辑:更正了代码中的拼写错误(这不是问题)

    $subject_id = $_GET['subject_id'];
    $classroom_id = $_GET['classroom_id'];

$sql = "DELETE FROM subjects WHERE subject_id=".$subject_id;
$result = mysql_query($sql, $connection)
    or die("MySQL Error: ".mysql_error());


header("Location: viewsubjects.php?classroom_id=".$classroom_id);
exit();

主题正在从数据库中删除,但是当我重定向回来时,URI 显示为空教室我想要:

viewsubjects.php?classroom_id=

有没有办法通过删除脚本成功携带教室ID,以便之后显示,从而允许用户重定向回页面?感谢您的帮助!

As the title states... I am deleting a 'subject' from a 'classroom' I view classrooms, then can click on a classroom to view the subject for that classroom. So the link where I am viewing subjects looks like:

viewsubjects.php?classroom=23

When the user selects the delete button (in a row) to remove a subject from a class, I simply want the user to be redirected back to the list of subjects for the classroom (exactly where they were before!!)

So I though this is simply a case of calling up the classroom ID within my delete script. Here is what I have:

EDIT: corrected spelling mistake in code (this was not the problem)

    $subject_id = $_GET['subject_id'];
    $classroom_id = $_GET['classroom_id'];

$sql = "DELETE FROM subjects WHERE subject_id=".$subject_id;
$result = mysql_query($sql, $connection)
    or die("MySQL Error: ".mysql_error());


header("Location: viewsubjects.php?classroom_id=".$classroom_id);
exit();

The subject is being removed from the DB, but when I am redirected back the URI is displaying with an empty classroom ID like:

viewsubjects.php?classroom_id=

Is there a way to carry the classroom ID through successfully through the delete script so it can be displayed after, allowing the user to be redirected back to the page? Thanks for any help!

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(6

随遇而安 2024-09-01 19:09:28

您的代码中有拼写错误吗?

将第 2 行更改为:
$classroom_id = $_GET['classroom'];

Spelling mistake in your code?

Change line 2 to:
$classroom_id = $_GET['classroom'];

听,心雨的声音 2024-09-01 19:09:28

只是要注意,如果这是一个管理功能:那就太好了。

如果这是在前端,您需要考虑确保 subject_id 是干净的,因为它很容易入侵您的网站。

Just to note, if this is an admin function: great.

If this is on the front end, you need to consider making sure the subject_id is clean as it would be very easy to hack into your site.

盛夏尉蓝 2024-09-01 19:09:28

它应该是 $classroom_id = $_GET['classroom'];

不是:$classroom_id = $_GET['classrom_id'];

编辑 您已编辑您的代码,但 $_GET 变量中的字符串是否与 URL 中的字符串匹配?

It should be $classroom_id = $_GET['classroom'];

Not: $classroom_id = $_GET['classrom_id'];

EDIT You have edited your code but does the string in the $_GET variable match that string in the URL?

未蓝澄海的烟 2024-09-01 19:09:28

为什么不将classroom_id添加到隐藏字段中的删除表单中?

Why don't you add classroom_id to the delete form in a hidden field?

予囚 2024-09-01 19:09:28

这可能有点冗长……但让我们看看会发生什么

if ( !isset($_GET['subject_id']) ) {
  echo 'DEBUG: missing GET parameter subject_id';
  var_dump($_GET);
  die;
}
if ( !isset($_GET['classrom_id']) ) {
  echo 'DEBUG: missing GET parameter classroom_id';
  var_dump($_GET);
  die;
}
else if ( 0===strlen(trim($_GET['subject_id'])) ) {
  echo 'DEBUG: empty GET parameter subject_id';
  var_dump($_GET);
  die;
}
else if ( 0===strlen(trim($_GET['classrom_id'])) ) {
  echo 'DEBUG: empty GET parameter classroom_id';
  var_dump($_GET);
  die;
}

$subject_id = mysql_real_escape_string($_GET['subject_id'], $connection);

$sql = "DELETE FROM subjects WHERE subject_id='$subject_id'";
$result = mysql_query($sql, $connection) or die("MySQL Error: ".mysql_error());
if ( 0===mysql_affected_rows($connection) ) {
  echo 'no such subject_id found. no records have been deleted';
  die;
}

header("Location: viewsubjects.php?classroom_id=".urlencode($_GET['classrom_id']));
exit();

(它还修复了 sql 注入漏洞)

This may be a little verbose ...but let's see what happens with

if ( !isset($_GET['subject_id']) ) {
  echo 'DEBUG: missing GET parameter subject_id';
  var_dump($_GET);
  die;
}
if ( !isset($_GET['classrom_id']) ) {
  echo 'DEBUG: missing GET parameter classroom_id';
  var_dump($_GET);
  die;
}
else if ( 0===strlen(trim($_GET['subject_id'])) ) {
  echo 'DEBUG: empty GET parameter subject_id';
  var_dump($_GET);
  die;
}
else if ( 0===strlen(trim($_GET['classrom_id'])) ) {
  echo 'DEBUG: empty GET parameter classroom_id';
  var_dump($_GET);
  die;
}

$subject_id = mysql_real_escape_string($_GET['subject_id'], $connection);

$sql = "DELETE FROM subjects WHERE subject_id='$subject_id'";
$result = mysql_query($sql, $connection) or die("MySQL Error: ".mysql_error());
if ( 0===mysql_affected_rows($connection) ) {
  echo 'no such subject_id found. no records have been deleted';
  die;
}

header("Location: viewsubjects.php?classroom_id=".urlencode($_GET['classrom_id']));
exit();

(it also fixes the sql injection vulnerability)

口干舌燥 2024-09-01 19:09:28

如果响应上面的内容,那就更容易做到:

if (!isset($_GET['subject_id']) || empty($_GET['subject_id']) || !is_numeric($_GET['subject_id'])) {
 throw new exception('Subject Id is not set');
}

If response to above, it'd be easier todo:

if (!isset($_GET['subject_id']) || empty($_GET['subject_id']) || !is_numeric($_GET['subject_id'])) {
 throw new exception('Subject Id is not set');
}
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文