SQL delete syntax error, plus some PHP and jQuery

Posted 2024-11-05 22:24:19


I have a database table named 'favoritecats' with the following fields:

  • id
  • catName
  • catId

I am using jQuery to run this function on the click event of an element on DOM Ready.

// Delete a Favorite Category from SQL Database
$('.deleteCatFavs').click(function(){          // On click of .deleteCatFavs
    var actionRequested = "AJAX_delFavCat";    // My Personal PHP Controller Identifier
    var url = "index.php";                     // URL to post to

    // Now Im getting the data I want to post into variables.
    var catId = $("input[name=FavCats]:checked").val();
    var rowId = $("input[name=FavCats]:checked").attr("id");

    // Now we make the post
    $.post(url, {AJAX_Action: actionRequested, rowId: rowId},
        function(data){
            $("#favCats").fadeIn().html(data);
        });
});

This all works fine.

But below I have the PHP code to delete the rowId selected above from the database.
Here is where I'm having the issue; I'm sure it's a SQL error.

public function AJAX_delFavCat(){

    $rowId = isset($_POST['rowId'])?$_POST['rowId']:''; // Get Posted Variable
    // Below, I want to delete the posted rowId, from the DB,
    $this->database->query("DELETE FROM 'favoritecats' WHERE id='$rowId'");

    // My personal Loaders, I need help with the delete query above!!
    $data = $this->database->query("SELECT * FROM favoritecats");
    $this->load->view('Ajax_addToFavCats.php', $data, $ajax=1);

} // End

The "DELETE FROM 'favoritecats' WHERE id='$rowId'" doesn't work, what am I doing wrong?

[EDIT]
I get the following error through SQL:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''favoritecats' WHERE id='27'' at line 1

Also, how would I write a jQuery function using the $.ajax method instead of the $.post method I'm using now? Does it really make a difference?

Comments (2)

不爱素颜 2024-11-12 22:24:19

what am I doing wrong?

You've got a SQL-injection security hole.
See: How does the SQL injection from the "Bobby Tables" XKCD comic work?

Change this

$rowId = isset($_POST['rowId'])?$_POST['rowId']:''; // Get Posted Variable
// Below, I want to delete the posted rowId, from the DB,
$this->database->query("DELETE FROM 'favoritecats' WHERE id='$rowId'");

To this

$rowId = isset($_POST['rowId'])?$_POST['rowId']:''; // Get Posted Variable
$rowId = mysql_real_escape_string($rowId);
// Below, I want to delete the posted rowId, from the DB,
$this->database->query("DELETE FROM `favoritecats` WHERE id='$rowId'");

To properly escape your inputs.

Back to your question

$this->database->query("DELETE FROM `favoritecats` WHERE id='$rowId'");

Will fix your error.
Note the use of backticks around table names; normal quotes are not allowed and are in fact a syntax error.

冬天旳寂寞 2024-11-12 22:24:19

The table name should not be in single quotes. Use backticks or leave it as it is.

DELETE FROM 'favoritecats' - wrong
DELETE FROM `favoritecats` - correct
DELETE FROM favoritecats - also correct
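Both answers make the same two points: the table name must be left bare or wrapped in backticks, and the posted rowId must never be pasted into the SQL string. The following is an added example, not code from the asker or from either answerer, showing the delete rewritten with a PDO prepared statement plus integer validation, so the value is bound as a parameter and escaping functions are no longer needed. The helpers connect, deleteFavCat and countRows are hypothetical names chosen for this example; it uses an in-memory SQLite database with constructed rows so it runs offline (SQLite accepts MySQL-style backtick identifiers), and the framework-specific $this->database and view-loader calls from the question are left out.

```php
<?php
// Added example (not the asker's code): the favoritecats delete done with a
// prepared statement instead of string interpolation. An in-memory SQLite
// database stands in for MySQL so the script runs offline; against MySQL only
// the DSN and credentials in connect() would change.

declare(strict_types=1);

function connect(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Constructed sample data mirroring the table described in the question.
    $pdo->exec("CREATE TABLE `favoritecats` (id INTEGER PRIMARY KEY, catName TEXT, catId INTEGER)");
    $pdo->exec("INSERT INTO `favoritecats` (id, catName, catId) VALUES
                (26, 'Books', 3), (27, 'Music', 5), (28, 'Games', 9)");
    return $pdo;
}

/**
 * Delete one favourite category by row id.
 * Returns the number of rows removed; throws if the input is not an integer.
 */
function deleteFavCat(PDO $pdo, string $rowId): int {
    // The id column is an integer, so accept only an integer. filter_var
    // rejects the empty string and anything with extra characters before
    // the value gets anywhere near the database.
    $id = filter_var($rowId, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('rowId must be an integer');
    }

    // Backticks around the identifier (or none at all), and the value bound
    // as a typed parameter rather than concatenated into the SQL text.
    $stmt = $pdo->prepare("DELETE FROM `favoritecats` WHERE id = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

function countRows(PDO $pdo): int {
    return (int) $pdo->query("SELECT COUNT(*) FROM `favoritecats`")->fetchColumn();
}

$pdo = connect();
echo "rows before: " . countRows($pdo) . PHP_EOL;

// A normal request: $_POST['rowId'] arrives as a string, as the jQuery handler sends it.
$posted = '27';
echo "deleted: " . deleteFavCat($pdo, $posted) . PHP_EOL;
echo "rows after: " . countRows($pdo) . PHP_EOL;

// Malformed input (constructed) is rejected before any SQL runs, so nothing else is touched.
try {
    deleteFavCat($pdo, '27 OR 1=1');
} catch (InvalidArgumentException $e) {
    echo "rejected: " . $e->getMessage() . PHP_EOL;
}
echo "rows still: " . countRows($pdo) . PHP_EOL;
```

Save it as, say, delete_example.php and run `php delete_example.php` (the pdo_sqlite extension must be enabled). Validating the id as an integer is belt-and-braces on top of the bound parameter: the prepared statement alone already keeps the value out of the SQL text, but rejecting non-integers early also gives the AJAX caller a clear error instead of a silent zero-row delete.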