Posted by Geoff Berrow on 02/06/06 02:19

Message-ID: <F-qdnc_NlcIkrHveRVn-iA@comcast.com> from Jerry Stuckle
contained the following:

>You need to be VERY careful on this one. You aren't validating the data.
>
>For instance - what happens if I type in the browser:
>
> http://www.example.com/delete.php?id=5+OR+1%3d1
>
>Your query ends up as "delete from people where id=5 or 1=1";
>
>Google for 'sql injection".

Also, I would avoid having links that delete files altogether. If a
search engine ever makes it to that page all your data will be deleted.

I usually make the table a form and use checkboxes
echo "<input type ='checkbox' name='del[]'value=$id>";

Name all the boxes 'del[]' When posted the items to be deleted will be
in an array and you can loop through it and delete them.

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

• Next in forum: Re: joining pdf files in php
• Prev in forum: Newbie problems with Multiple Select form, and MySQL ENUM types.
• Thread view: Re: Listing table data with an option to delete each individual item.

[Reply to this message]