Updated: 2023-02-06 21:08:19
Replace this:
$result = mysqli_query($con, "DELETE FROM Tools WHERE PartNumber = {'$_POST['pnumber']'}") or die ("Couldn't execute query: " .mysqli_error($con));
With this:
$result = mysqli_query($con, "DELETE FROM Tools WHERE PartNumber = '" . $_POST['pnumber'] ."'") or die ("Couldn't execute query: " .mysqli_error($con));
Note that I have not dealt with SQL injection above.
Even better is to use prepared statements that will secure your queries; in your case it will be something like this:
$sql= 'DELETE FROM Tools WHERE PartNumber= ?';
$stmt = $con->prepare($sql);
$stmt->bind_param('i', $_POST['pnumber']);
$stmt->execute();
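
Added example, not part of the original answer: the concatenated DELETE and the prepared DELETE run side by side against the same input, to show that a bound parameter is treated as data while a concatenated one becomes part of the SQL text. Assumptions: PDO with an in-memory SQLite database stands in for the mysqli/MySQL connection so the script runs without a server, and the table rows, the function names and the input value are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed three-row Tools table in an in-memory SQLite database
// (assumption: stands in for the MySQL table behind $con).
function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE Tools (PartNumber TEXT PRIMARY KEY, Name TEXT)');
    $db->exec("INSERT INTO Tools VALUES ('A100', 'Wrench'), ('B200', 'Drill'), ('C300', 'Saw')");
    return $db;
}

// Concatenation, as in the "With this:" line: the value is spliced into
// the SQL string, so a quote inside it changes the statement itself.
function deleteConcatenated(PDO $db, string $pnumber): int
{
    return $db->exec("DELETE FROM Tools WHERE PartNumber = '" . $pnumber . "'");
}

// Prepared statement: the SQL is fixed when prepare() is called and the
// value is bound afterwards, so it is only ever compared to PartNumber.
function deletePrepared(PDO $db, string $pnumber): int
{
    $stmt = $db->prepare('DELETE FROM Tools WHERE PartNumber = ?');
    $stmt->execute([$pnumber]);
    return $stmt->rowCount();
}

// Constructed request value containing a quote (what $_POST['pnumber'] could hold).
$suspect = "x' OR '1'='1";

$db = makeDb(); // fresh table for each run so the counts are comparable
printf("concatenated, quoted input: %d row(s) deleted\n", deleteConcatenated($db, $suspect));

$db = makeDb();
printf("prepared, quoted input:     %d row(s) deleted\n", deletePrepared($db, $suspect));
printf("prepared, 'B200':           %d row(s) deleted\n", deletePrepared($db, 'B200'));
```

With mysqli the same binding is done through `bind_param`, where the type letter (`'i'` for integer, `'s'` for string) has to match the column type of `PartNumber`.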