Posted by Lars Eighner on 06/14/07 07:23

Is it possible, accidentally or on purpose, to pass a
wildcard to this function that would have the effect
of deleting many or all rows (shortname is a unique,
non-null field)?

function delete_row_by_shortname($table,$shortname){
global $mysqlhost, $mysqlusr, $mysqlpw, $mysqldb;
$link = mysql_connect($mysqlhost, $mysqlusr, $mysqlpw);
if (!$link) {
die('Not connected : ' . mysql_error());
}
mysql_select_db($mysqldb) or
die ('Could not select database:' . "$mysqldb.");
$query = "DELETE FROM $table WHERE shortname='$shortname'";
mysql_query($query) or die ("Query Failed! mysql_error()");
$value = mysql_affected_rows($link);
mysql_close($link);
return $value;
}


--
Lars Eighner <http://larseighner.com/> <http://myspace.com/larseighner>
Countdown: 586 days to go.
Why "War Czar"? That sounds like Imperial Russia!
Call it by the American term: "Fall Guy."

• Next in forum: help on xml
• Prev in forum: Re: if on allow_url_open is set to off is there a way to override this?
• Thread view: Can I pass a wildcard to this function?

[Reply to this message]