php code

egami
php-forum GURU
Posts: 2196
Joined: Wed Oct 06, 2010 11:19 am
Location: Happy Valley, UT

Re: php code

Post by egami » Wed Sep 26, 2012 1:56 pm


<?php

include ('connectdb.php');

// Strict comparison: the ID must be a non-empty string made only of digits.
if (isset($_GET['id']) && is_string($_GET['id']) && $_GET['id'] !== ''
    && $_GET['id'] === preg_replace('/[^0-9]/','',$_GET['id']))
{
  //VERY DANGEROUS..
  $id = $_GET['id']; // I can inject beautiful code here to really screw you over... so, better to do it this way
  $id = preg_replace('/[^0-9]/','',$_GET['id']); // yes, processor intense, but saves dolphins' lives.
  // and actually, if you leave the above "IF" statement, you can remove the above line altogether.

  $query = "DELETE FROM fotos WHERE id='$id'";
  //$result = mysql_query($query); // The actual query to call and delete.. Uncomment this when ready
  header("Location: listar.php");
  exit; // stop the script once the redirect header is sent
} else {
  echo "Either the ID was not submitted, or the ID was improperly formatted. Goodbye.";
}
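
The same delete with the ID bound as a query parameter instead of interpolated into the SQL string, as an added example that is not part of egami's post. It assumes PDO with the SQLite driver and a constructed in-memory `fotos` table; `parseId` and `deleteFoto` are hypothetical helper names.

```php
<?php
// Added example, not from the original post. The table name "fotos" comes
// from the post; the in-memory SQLite database and its rows are constructed.

function parseId($raw): ?int
{
    // Accept only a string of 1-9 ASCII digits: no sign, no spaces, no arrays.
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    return (int) $raw;
}

function deleteFoto(PDO $db, $raw): bool
{
    $id = parseId($raw);
    if ($id === null) {
        return false; // rejected before any SQL is built
    }
    // The value is bound as an integer, never concatenated into the SQL text.
    $stmt = $db->prepare('DELETE FROM fotos WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE fotos (id INTEGER PRIMARY KEY, nome TEXT)');
$db->exec("INSERT INTO fotos (id, nome) VALUES (1, 'a.jpg'), (2, 'b.jpg'), (3, 'c.jpg')");

// Constructed inputs standing in for $_GET['id'].
$inputs = ['2', "1' OR '1'='1", '', ' 3', '+3', ['1'], '3'];
foreach ($inputs as $raw) {
    $ok = deleteFoto($db, $raw);
    printf("%-20s %s\n", json_encode($raw), $ok ? 'deleted' : 'rejected');
}
echo 'rows left: ', $db->query('SELECT COUNT(*) FROM fotos')->fetchColumn(), "\n";
```

With a bound parameter the digit check becomes input validation rather than the only barrier between the request and the DELETE statement.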
 
