Posted by MaXX on 10/29/76 11:45
Hi,
I hope I'm not OT.
I have the following issue:
I want to delete a record from my db with a php script. Let's say I'm auth'd
and I want to delete the record id 440. With a simple form (get or post), I
send the id to my script and delete the record (DELETE FROM table WHERE
id=some_validated_input).
The problem is if I'm a nasty guy I just write my own form and delete any
record I want (since I'm auth'd) by just sending another id.
Is there any way to make arbitrary record deletion non-trivial in php? I'm
thinking about a hash function to replace the real db id (DELETE FROM table
WHERE record_hash=validated_form_hash), if possible without adding an
awful lot of server side computation.
How do you guys deal with that kind of situation?
Thanks,
--
MaXX
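
An added example, not part of the original post: one way to handle the situation described above is to put the ownership check into the DELETE itself and to accept only ids for which the server issued a keyed hash (HMAC) to this user. The table `records`, the column `owner_id` and the functions `sign_id` and `delete_record` are hypothetical, and the data is constructed.

```php
<?php
declare(strict_types=1);
// Added example; table, column and function names are hypothetical.

// Token the server embeds in the form next to the id: an HMAC over
// (user, record id) keyed with a per-session secret, so it only verifies
// for ids this server rendered for this user.
function sign_id(string $sessionKey, int $userId, int $recordId): string {
    return hash_hmac('sha256', $userId . ':' . $recordId, $sessionKey);
}

function delete_record(PDO $db, string $sessionKey, int $userId,
                       int $recordId, string $token): bool {
    // 1. Reject ids the server never issued to this user (constant-time compare).
    if (!hash_equals(sign_id($sessionKey, $userId, $recordId), $token)) {
        return false;
    }
    // 2. Authorization is part of the query: the row must belong to the caller.
    $stmt = $db->prepare(
        'DELETE FROM records WHERE id = :id AND owner_id = :owner'
    );
    $stmt->execute([':id' => $recordId, ':owner' => $userId]);
    return $stmt->rowCount() === 1;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE records (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL)');
$db->exec('INSERT INTO records (id, owner_id) VALUES (440, 1), (441, 2)');

$key = random_bytes(32);            // would be kept in $_SESSION after login
$token440 = sign_id($key, 1, 440);  // emitted in the form for record 440

// Case A: user 1 swaps the id to 441 but reuses the token issued for 440.
var_dump(delete_record($db, $key, 1, 441, $token440));
// Case B: token matches id 441, but the row belongs to user 2.
var_dump(delete_record($db, $key, 1, 441, sign_id($key, 1, 441)));
// Case C: user 1 deletes their own record with the issued token.
var_dump(delete_record($db, $key, 1, 440, $token440));
```

The `owner_id` condition is what enforces authorization; the HMAC costs one hash per request and only ensures the id came from a form the server generated for that session.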