php code

Ask about general coding issues or problems here.

Moderators: macek, egami, gesf

New php-forum User
New php-forum User
Posts: 1
Joined: Wed Sep 26, 2012 10:53 am

php code

Postby vitorlucas » Wed Sep 26, 2012 11:08 am

$id = $_GET['id'];
$query = mysql_query("DELETE FROM fotos where id='$id'"); //command that deletes the record
echo "<script> window.location='listar.php'; </script>";

Can anyone help me verify if this correct? I have a problem in receiving the "id" line 3!


User avatar
php-forum GURU
php-forum GURU
Posts: 2196
Joined: Wed Oct 06, 2010 11:19 am
Location: Happy Valley, UT

Re: php code

Postby egami » Wed Sep 26, 2012 1:56 pm

Code: Select all


include ('connectdb.php');

if (isset(
$_GET['id']) && $_GET['id'] == preg_replace('/[^0-9]/','',$_GET['id']))
$id $_GET['id']; // I can inject beautiful code here to really screw you over... so, better to do it this way
$id preg_replace('/[^0-9]/','',$_GET['id']); // yes, processor intense, but saves dolphins lives.
  // and actually, if you leave the above "IF" statement, you can remove the above line all together.

$query "DELETE FROM fotos WHERE id='$id'";
//$result = mysql_query($query); // The actual query to call and delete.. Uncomment this when ready
header("Location: listar.php");
} else { 
"Either the ID was not submitted, or the ID was improperly formatted. Goodbye.";

Return to “PHP coding => General”

Who is online

Users browsing this forum: Baidu [Spider] and 2 guests