php code


vitorlucas
New php-forum User
Posts: 1
Joined: Wed Sep 26, 2012 10:53 am

php code

Postby vitorlucas » Wed Sep 26, 2012 11:08 am

<?php
include "conectdb.php";
$id = $_GET['id']; // raw request value, used as-is
$query = mysql_query("DELETE FROM fotos where id='$id'"); //command that deletes the record
echo "<script> window.location='listar.php'; </script>";
?>


Can anyone help me verify if this is correct? I have a problem receiving the "id" on line 3!

thanks

egami
php-forum GURU
Posts: 2196
Joined: Wed Oct 06, 2010 11:19 am
Location: Happy Valley, UT

Re: php code

Postby egami » Wed Sep 26, 2012 1:56 pm


<?php

include ('connectdb.php');

if (isset($_GET['id']) && $_GET['id'] == preg_replace('/[^0-9]/', '', $_GET['id']))
{
  //VERY DANGEROUS..
  $id = $_GET['id']; // I can inject beautiful code here to really screw you over... so, better to do it this way

  $id = preg_replace('/[^0-9]/', '', $_GET['id']); // yes, processor intense, but saves dolphins lives.
  // and actually, if you leave the above "IF" statement, you can remove the above line all together.

  $query = "DELETE FROM fotos WHERE id='$id'";

  //$result = mysql_query($query); // The actual query to call and delete.. Uncomment this when ready

  header("Location: listar.php");
  exit; // stop the script once the redirect header has been sent
} else {
  echo "Either the ID was not submitted, or the ID was improperly formatted. Goodbye.";
}
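A hardened version of the same delete endpoint, added here as an example rather than code from either poster. It assumes a PDO connection named $pdo provided by a hypothetical connectdb.php and a fotos table with an integer id column:

```php
<?php
// Added example (not vitorlucas's or egami's code): the same delete-by-id
// endpoint with the id validated as an integer and bound as a prepared
// statement parameter, so the value is never interpolated into the SQL text.
// Assumes a PDO connection in $pdo from a hypothetical connectdb.php.

require 'connectdb.php';

/**
 * Return the validated id, or null if it is missing or not a positive integer.
 * filter_var() rejects values such as "12abc" or "1e1" outright instead of
 * silently stripping characters from them.
 */
function validated_id(array $params): ?int
{
    if (!isset($params['id'])) {
        return null;
    }
    $id = filter_var($params['id'], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    return $id === false ? null : $id;
}

/**
 * Delete one row from fotos by id and return the number of rows removed.
 * The id travels as a bound parameter, so the query text stays constant.
 */
function delete_foto(PDO $pdo, int $id): int
{
    $stmt = $pdo->prepare('DELETE FROM fotos WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$id = validated_id($_GET);
if ($id === null) {
    http_response_code(400);
    echo 'Either the ID was not submitted, or the ID was improperly formatted.';
    exit;
}

delete_foto($pdo, $id);

// Redirect with a real HTTP header and stop running afterwards; a bare
// header() call does not end the script on its own.
header('Location: listar.php');
exit;
```

Because the delete is still triggered by a plain GET request, any page that embeds the URL can fire it in a logged-in user's browser; moving the action to a POST with a CSRF token is the usual next step.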

