我想通過點擊一個鏈接刪除mysql數據庫中的記錄,但我無法完成它,我無法理解錯誤。 這裏是我的代碼無法通過PHP刪除mysql記錄
HTML
<a href="processCategory.php?action=delete?id=(<?php echo $id; ?>);">Delete</a>
processCategory.php
<?php
require_once '../library/config.php';
require_once '../library/functions.php';
checkUser();
$action = isset($_GET['action']) ? $_GET['action'] : '';
switch ($action) {
case 'add' :
addCategory();
break;
case 'delete' :
deleteCategory();
break;
default :
// if action is not defined or unknown
// move to main category page
header('Location: index.php');
}
function deleteCategory()
{
if (isset($_GET['id']) && (int)$_GET['id'] > 0) {
$id = (int)$_GET['id'];
} else {
header('Location: index.php');
}
// delete the products
$sql = "DELETE FROM tbl_vendors
WHERE id = $id";
dbQuery($sql);
header('Location: ../vendor');
}
?>
哪裏是錯誤 –
[小博](http://bobby-tables.com/ )說*** [你的腳本存在SQL注入攻擊風險。](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***。即使[轉義字符串](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)是不安全的! –
不應該像這樣:'$ sql =「DELETE FROM tbl_vendors WHERE id =」。 $ id;'??你在說什麼錯誤? – lealceldeiro