How do I delete a specific user from the database?

Posted on 2025-01-29 13:48:12 · 802 characters · 0 views · 0 comments

  • Let's say I have a user registered on my website and they now want to delete the account.

  • I've a query to do that but every time the user uses this functionality the code deletes all users.

Here is my code:

<?php 
// starts session
session_start();

// set values
$DB_SERVER = 'localhost';
$DB_USERNAME = 'root';
$DB_PASSWORD = '';
$DB_NAME = 'acoolname';

// creates a new connection to the database
$conn = new mysqli($DB_SERVER, $DB_USERNAME, $DB_PASSWORD, $DB_NAME);

// checks connection
if ($conn->connect_error) {
  die("ERRO: Falha ao conectar. " . $conn->connect_error);
}

// query to delete the user
$sql = "DELETE FROM users WHERE id = id";

// logout user
if ($conn->query($sql) === true) {
  header("location: logout.php");
}else {
  echo "ERRO: Falha ao conectar. " . $conn->error;
}

// close connection
$conn->close();
?>


Comments (3)

时间你老了 2025-02-05 13:48:12

id = id always returns true, so the query indeed deletes all the users.

The safe way to delete a specific user is to use prepared statements, in order to avoid SQL injection.

Something like

$stmt = $conn->prepare('DELETE FROM users WHERE id = ?');
$stmt->bind_param("i", $id);
$stmt->execute();
$stmt->close();
微凉 2025-02-05 13:48:12

Your WHERE condition compares for each row whether the id for the current row matches the id. In other words, the query compares the field with itself, which yields true for every row. Therefore every row gets deleted.

You have to replace the second id with either a variable that contains the id-value for the current user, or with the id for the current user. The latter is susceptible to SQL injection. See this question on how to insert parameters into the query safely.
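
An added example, not part of the original answers or the asker's code: a self-service deletion script that takes the id from the server-side session and binds it in a prepared statement, so exactly one row can match. The session keys `user_id` and `csrf_token` and the `DB_USER` / `DB_PASS` environment variables are assumptions.

```php
<?php
// Added example: delete only the account that owns the current session.
// Assumed (not from the page): login stored the id in $_SESSION['user_id']
// and a CSRF token in $_SESSION['csrf_token']; DB_USER / DB_PASS are
// environment variables for a non-root database account.
session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// A destructive action must arrive as a POST from a logged-in user.
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Forbidden');
}

// Reject forged cross-site requests.
$expected = (string) ($_SESSION['csrf_token'] ?? '');
$posted = $_POST['csrf_token'] ?? '';
if ($expected === '' || !is_string($posted) || !hash_equals($expected, $posted)) {
    http_response_code(403);
    exit('Invalid CSRF token');
}

// The id comes from the server-side session, never from the request,
// so one user cannot delete another user's row.
$id = (int) $_SESSION['user_id'];

try {
    $conn = new mysqli('localhost', getenv('DB_USER'), getenv('DB_PASS'), 'acoolname');
    $stmt = $conn->prepare('DELETE FROM users WHERE id = ? LIMIT 1');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $deleted = $stmt->affected_rows; // 1 when the account row existed
    $stmt->close();
    $conn->close();
} catch (mysqli_sql_exception $e) {
    error_log('Account deletion failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Could not delete the account.');
}

if ($deleted !== 1) {
    error_log("Account deletion for id $id affected $deleted rows");
}

// End the session so the deleted account's cookie stops working.
$_SESSION = [];
session_destroy();
header('Location: logout.php');
exit;
```

Logging any `affected_rows` value other than 1 gives an early signal if the WHERE clause ever stops matching a single row.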

我很坚强 2025-02-05 13:48:12
<?php 
// starts session
session_start();

// set values
$DB_SERVER = 'localhost';
$DB_USERNAME = 'root';
$DB_PASSWORD = '';
$DB_NAME = 'acoolname';

// creates a new connection to the database
$conn = new mysqli($DB_SERVER, $DB_USERNAME, $DB_PASSWORD, $DB_NAME);

// checks connection
if ($conn->connect_error) {
  die("ERRO: Falha ao conectar. " . $conn->connect_error);
}

// query to delete the user

// Collect the specific user you want to delete from your form
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["user"])) {
    $username = $_POST["user"];

    // Delete user with the specified username; the value is bound as a
    // parameter instead of being interpolated into the SQL string
    $stmt = $conn->prepare("DELETE FROM users WHERE username = ?");
    $stmt->bind_param("s", $username);

    // logout user
    if ($stmt->execute() === true) {
        header("location: logout.php");
    } else {
        echo "ERRO: Falha ao conectar. " . $stmt->error;
    }
    $stmt->close();
}

// close connection
$conn->close();
?>

Missing page of your code is - 
//Collect the specific user you want to delete from your form
if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["user"])) {
    $username = $_POST["user"];