Posted by Gilles Ganault on 01/30/08 03:28
On Tue, 29 Jan 2008 20:53:29 -0500, Jerry Stuckle
<jstucklex@attglobal.net> wrote:
> And adding a checkbox isn't hard at all. But don't just use
> the primary key id in the checkbox unless you have some other way
> to protect your page from hackers.
The definitive wrong way to do things:
============
<?php
switch ($status) {
    case "delete":
        // Each submitted checkbox value is concatenated straight into the SQL.
        foreach ($item as $bit) {
            $query = "DELETE FROM " . $table . " WHERE id=" . $bit;
            $result = mysql_query($query) or die("Query failed: " . mysql_error());
        }
        break;
    default:
        // The checkbox values are the raw primary key ids.
        echo "<form method=post>";
        echo "<input type=checkbox name=item[] value=1>";
        echo "<input type=checkbox name=item[] value=2>";
        echo "<input type=hidden name=status value=delete>";
        echo "<input type=submit value=Delete>";
        echo "</form>";
}
?>
============
BTW, is there some book like "The 50 pitfalls of writing web apps in
PHP" that would take real-life newbie errors like the above, explain
why they're wrong, and the safe way to rewrite them?
Thanks.
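
A hardened counterpart to the delete handler in the post above, added here as an example and not part of the original thread. It assumes PDO with the SQLite driver, a hypothetical `items` table with an `owner_id` column, and a per-session CSRF token; the function name and sample rows are constructed for illustration.

```php
<?php
// Added example, not from the original post. Table "items", column "owner_id"
// and delete_owned_items() are hypothetical names; sample rows are constructed.

function delete_owned_items(PDO $db, int $userId, array $post, string $sessionToken): int
{
    // Reject forged cross-site submissions: token must match the session's.
    $token = $post['csrf'] ?? '';
    if (!is_string($token) || !hash_equals($sessionToken, $token)) {
        throw new RuntimeException('bad CSRF token');
    }
    // Accept only an array of positive decimal integers; drop anything else.
    $raw = $post['item'] ?? [];
    if (!is_array($raw)) {
        return 0;
    }
    $ids = [];
    foreach ($raw as $v) {
        if (is_string($v) && ctype_digit($v) && (int)$v > 0) {
            $ids[(int)$v] = true; // keyed by id, so duplicates collapse
        }
    }
    // Table name is fixed in code; ids are bound, never concatenated.
    // owner_id limits the delete to rows this user is allowed to remove.
    $stmt = $db->prepare('DELETE FROM items WHERE id = ? AND owner_id = ?');
    $deleted = 0;
    foreach (array_keys($ids) as $id) {
        $stmt->execute([$id, $userId]);
        $deleted += $stmt->rowCount();
    }
    return $deleted;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, owner_id INTEGER)');
$db->exec('INSERT INTO items VALUES (1, 10), (2, 10), (3, 20)');

$sessionToken = bin2hex(random_bytes(16)); // would live in $_SESSION
// Constructed POST body: an owned id, another user's id, a non-numeric value.
$post = ['csrf' => $sessionToken, 'item' => ['1', '3', '2 OR 1=1']];

echo delete_owned_items($db, 10, $post, $sessionToken), " row(s) deleted\n";
echo $db->query('SELECT COUNT(*) FROM items')->fetchColumn(), " row(s) remain\n";
```

The ownership condition in the `WHERE` clause is what makes it safe to expose the primary key in the checkbox: a submitted id that belongs to another user matches no row.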