Reaper0167 Posted March 10, 2010

Is there anything else that I should have, security I mean?

```php
<?php
session_start();
if( (isset($_SESSION['who'])) || (isset($_SESSION['auth'])) )
{
    include 'connection.php';
    $delete_this = $_GET['delete_id'];
    $got_you = $_SESSION['who'];
    $result = mysql_query("SELECT * FROM my_table WHERE id = '$delete_this' ");
    while ($row = mysql_fetch_array($result))
    {
        $server_pic = $row['imgpath'];
        $server_file = $row['track_loc'];
    }
    unlink($server_pic);   //removes picture from server
    unlink($server_file);  //removes file from server
    mysql_query("DELETE FROM my_table WHERE id='$delete_this'");           //remove track info from db
    mysql_query("DELETE FROM my_table2 WHERE track_id = '$delete_this'");  //remove track comments from db
    mysql_query("DELETE FROM my_table3 WHERE track_id = '$delete_this'");  //remove best lap time info from db
    mysql_close();
    header("location:my_page.php");
    exit();
}
?>
```
The Eagle Posted March 10, 2010

Looks good, from my little perspective. Just, I don't know if they'd be able to change the variable "$got_you" to whatever they'd want and delete other user files. Doesn't sound plausible, but it just had me look.
Reaper0167 (Author) Posted March 10, 2010

Wouldn't they only be able to change it if they knew what the session variable name was? If they didn't know about "session who", then how could they change it? It is not a variable that is passed through the URL.
roopurt18 Posted March 10, 2010

You're not using mysql_real_escape_string(). I don't see what purpose $got_you even serves; you assign to it and then never use it. What's to stop me from putting whatever I want into delete_id and deleting stuff other people posted?
Reaper0167 (Author) Posted March 10, 2010

I know what you mean, switch

```php
$delete_this = $_GET['delete_id'];
```

to

```php
$delete_this = mysql_real_escape_string($_GET['delete_id']);
```

and yes, I had $got_you in the code for future add-ons to the script; it is probably best to leave it out till it is needed? So would that be about it with the mysql_real_escape_string? What else could someone do?
roopurt18 Posted March 10, 2010

> So would that be about it with the mysql_real_escape_string?

Yes.

What's to stop me from putting whatever I want into delete_id and deleting stuff other people posted?
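The change roopurt18's repeated question is pointing at, written out as an added example that is not the thread's own code: the delete is scoped to the logged-in owner in the WHERE clause, the queries use prepared statements, and unlink is limited to the upload directory. It assumes connection.php provides a PDO object `$pdo`, that my_table has an `owner` column matching `$_SESSION['who']`, and that uploads live under UPLOAD_DIR; the `owner` column and the UPLOAD_DIR path are placeholders for this example.

```php
<?php
// Added example, not the poster's code; assumes $pdo (PDO) from connection.php
// and an owner column in my_table holding the session user id.
session_start();
if (!isset($_SESSION['who'])) {
    header('Location: my_page.php');
    exit();
}
include 'connection.php';
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failures throw
define('UPLOAD_DIR', '/var/www/uploads/');   // assumed root of uploaded files
// Validate the id as an integer rather than escaping a free-form string.
$delete_id = filter_input(INPUT_GET, 'delete_id', FILTER_VALIDATE_INT);
if ($delete_id === false || $delete_id === null) { http_response_code(400); exit('Invalid id'); }
$owner = $_SESSION['who'];
// Unlink only a regular file inside UPLOAD_DIR, so a tampered imgpath or
// track_loc value in the database cannot remove anything else on the server.
function safe_unlink($path) {
    $real = realpath($path);
    if ($real === false || strpos($real, UPLOAD_DIR) !== 0 || !is_file($real)) {
        return false;
    }
    return unlink($real);
}
try {
    $pdo->beginTransaction();
    // owner = ? stops one user deleting another's track; the ? placeholders
    // stop delete_id from being interpreted as SQL.
    $stmt = $pdo->prepare('SELECT imgpath, track_loc FROM my_table WHERE id = ? AND owner = ?');
    $stmt->execute([$delete_id, $owner]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        $pdo->rollBack();
        http_response_code(403);
        exit('No such track for this user');
    }
    $pdo->prepare('DELETE FROM my_table2 WHERE track_id = ?')->execute([$delete_id]);
    $pdo->prepare('DELETE FROM my_table3 WHERE track_id = ?')->execute([$delete_id]);
    $pdo->prepare('DELETE FROM my_table WHERE id = ? AND owner = ?')->execute([$delete_id, $owner]);
    $pdo->commit();
} catch (PDOException $e) {
    if ($pdo->inTransaction()) { $pdo->rollBack(); }
    http_response_code(500);
    exit('Delete failed');
}
safe_unlink($row['imgpath']);    // remove the files only after the rows are gone
safe_unlink($row['track_loc']);
header('Location: my_page.php');
exit();
```

The example keeps the GET parameter used in the thread; a delete action is better sent with POST and a per-session CSRF token so that a link cannot trigger it on the user's behalf.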