Feb 12th, 2013, 04:31 PM
#3
Frenzied Member
Re: PHP Session Issue
Hmm, is ID varchar in the table? If not, are you accidentally setting it to the string value of 1 or 2? I would also use $_POST instead of $_GET, a little more secure. Also, slap an intval() around that $row in that query.
Could also do: MySQL_query(sprintf("Delete From messages Where mid=%d",intval($row))) or die ("Query error"). Unless you plan on turning off errors and warnings, I wouldn't echo MySQL_error().
The intval() will return zero if an int conversion fails (returns 0), which prevents someone from making $row = '2 OR mid > -1' or something along those lines.
Not echoing the error is just to keep table/field names unviewable by users. If you need the error, create log files and store them outside of root.
Justin
**Edit: the f on sprintf always seems to escape me.
Last edited by MonkOFox; Feb 13th, 2013 at 08:19 AM.
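
Added example, not part of the original post or the poster's code: the same delete done with strict integer validation, a bound parameter, and errors sent to the server log instead of the browser. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL connection so the script runs offline, the function names parseMessageId and deleteMessage are hypothetical, and the rows and inputs are constructed; only the messages table and mid column come from the post.

```php
<?php
// Added example: validate the id strictly, bind it as a parameter, log errors privately.
// Assumption: in-memory SQLite via PDO stands in for the MySQL connection.

function parseMessageId($raw): ?int
{
    // FILTER_VALIDATE_INT rejects '2 OR mid > -1' outright; intval() would
    // read the leading digits of that string and return 2.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function deleteMessage(PDO $db, $raw): int
{
    $id = parseMessageId($raw);
    if ($id === null) {
        return 0; // nothing is deleted for a non-integer id
    }
    try {
        $stmt = $db->prepare('DELETE FROM messages WHERE mid = :mid');
        $stmt->bindValue(':mid', $id, PDO::PARAM_INT);
        $stmt->execute();
        return $stmt->rowCount();
    } catch (PDOException $e) {
        // Table and field names stay in the server log, not in the response.
        error_log('deleteMessage failed: ' . $e->getMessage());
        return 0;
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (mid INTEGER PRIMARY KEY, body TEXT)');
$db->exec("INSERT INTO messages (mid, body) VALUES (1, 'a'), (2, 'b'), (3, 'c')");

// Constructed inputs: a valid id, the string from the post, and a non-number.
foreach (['2', '2 OR mid > -1', 'abc'] as $input) {
    printf("%-18s intval=%d deleted=%d\n",
        var_export($input, true), intval($input), deleteMessage($db, $input));
}
echo 'rows left: ', $db->query('SELECT COUNT(*) FROM messages')->fetchColumn(), "\n";
```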