Delete data safe


Adem GEN?
03-07-2009, 10:01 PM
Hello,

Is this code safe for deleting?

Options delete:
checkbox = submit OR Delete text link

("DELETE FROM " . TABLE_PREFIX . "table_name
WHERE xxx_id = '".$_GET['id_delete']."'");

What would be safer code for this?

Note: this is for an external custom page.

Lynne
03-07-2009, 10:44 PM
I'd suggest you look at this article on how to create secure mods. You are going to want to run that variable, $_GET['id_delete'], through the cleaner - Create Secure Mods (https://vborg.vbsupport.ru/showthread.php?t=154411)

This article is also about the input cleaner - Using the vBulletin Input Cleaner (https://vborg.vbsupport.ru/showthread.php?t=119372&highlight=cleaner)

TigerC10
03-08-2009, 04:03 AM
This is safer:


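// Clean the GET parameter as an unsigned integer before it reaches the SQL string
$id = $vbulletin->input->clean_gpc('g', 'id_delete', TYPE_UINT);

// DELETE returns no row, so run it with query_write()
$db->query_write("
	DELETE FROM " . TABLE_PREFIX . "table_name
	WHERE xxx_id = $id
");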
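
What the TYPE_UINT cleaning changes in the final SQL text, as an added example that is not part of the thread and is not vBulletin code. clean_uint() is a hypothetical stand-in assumed to mirror TYPE_UINT (integer cast, negatives become 0); the vb_ prefix, the sample inputs and the skip-on-0 guard are assumptions.

```php
<?php
// Hypothetical stand-in for clean_gpc(..., TYPE_UINT): assumed to cast to
// integer and turn negative values into 0. Not vBulletin's own code.
function clean_uint(string $value): int
{
    $n = (int) $value;
    return $n < 0 ? 0 : $n;
}

// The pattern from the first post: the raw request value is concatenated
// into a quoted SQL literal, so its quotes become part of the statement.
function build_delete_raw(string $prefix, string $raw): string
{
    return "DELETE FROM {$prefix}table_name WHERE xxx_id = '" . $raw . "'";
}

// The cleaned pattern: only an unsigned integer can reach the SQL text.
// Returns null when the id cleans to 0, so the caller runs no query at all
// (added guard, an assumption that 0 is never a valid row id).
function build_delete_clean(string $prefix, string $raw): ?string
{
    $id = clean_uint($raw);
    if ($id === 0) {
        return null;
    }
    return "DELETE FROM {$prefix}table_name WHERE xxx_id = $id";
}

// Constructed sample values standing in for $_GET['id_delete'].
$samples = ['42', '-3', '12abc', 'abc', "7' OR '1'='1"];

foreach ($samples as $raw) {
    echo "input:   $raw\n";
    echo "raw:     " . build_delete_raw('vb_', $raw) . "\n";
    $clean = build_delete_clean('vb_', $raw);
    echo "cleaned: " . ($clean ?? '(no query run, id cleaned to 0)') . "\n\n";
}
```

Cleaning truncates a value to its leading digits rather than rejecting it, so a page that needs strict validation should also compare the cleaned id with the submitted string before deleting.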

Adem GEN?
03-08-2009, 09:41 PM
Thank you