我有一个像下面这样的代码通过URL参数删除条目
<td><a href="deletecar.php?car_id=<?php echo $row_cars['car_id']; ?>" onclick=" if ( !confirm('Are you sure to DELETE?') ) return false; ">Delete</a></td>
这是URL参数输出
http://localhost/html/deletecar.php?car_id=17
但是如果我将car_id=17更改为car_id=23(这是在其他用户的汽车列表中),它将删除
我该如何预防呢
deletecar.php如下所示
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
if ((isset($_GET['car_id'])) && ($_GET['car_id'] != "") && (isset($_SESSION['MM_Username']))) {
$deleteSQL = sprintf("DELETE FROM cars WHERE car_id=%s",
GetSQLValueString($_GET['car_id'], "int"));
mysql_select_db($database_conn, $conn);
$Result1 = mysql_query($deleteSQL, $conn) or die(mysql_error());
$deleteGoTo = "myaccount.php";
if (isset($_SERVER['QUERY_STRING'])) {
$deleteGoTo .= (strpos($deleteGoTo, '?')) ? "&" : "?";
$deleteGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $deleteGoTo));
}
?>
这是我在数据库
中的表INSERT INTO `car` (`car_id`, `c_id`, `c_brand`, `c_model`, `c_model_nd`, `c_model_year`, `c_color`, `c_capacity`, `c_owner`, `c_statu`, `c_show`) VALUES
(16, '34DA1593', 'Volkswagen', 'Volt', '313 CDI', 2006, 'Beyaz', '', 18, 'yakamozturizm', 'Boş', 0),
(17, '34BC5897', 'Mercedes', 'Sprinter', '313CDI', 2006, 'Gri', '', 14, 'PcRestorer', 'Boş', 0),
(18, '34DBC145', 'Volkswagen', 'Volt', '213 CDI', 2013, 'Beyaz', '', 16, 'PcRestorer', 'Boş', 0);
编辑……
我已经改变了我的代码,像这样
$colname_delete = "-1";
if (isset($_GET['car_id'])) {
$colname_delete = $_GET['car_id'];
}
$owner_delete = "-1";
if (isset($_SESSION['MM_Username'])) {
$owner_delete = $_SESSION['MM_Username'];
}
if ((isset($_GET['car_id'])) && ($_GET['car_id'] != "")) {
$deleteSQL = sprintf("DELETE FROM minibusler WHERE car_id = %s AND c_owner =%s",
GetSQLValueString($colname_delete, "int"),
GetSQLValueString($owner_delete, "text"));
mysql_select_db($database_conn, $conn);
$Result1 = mysql_query($deleteSQL, $conn) or die(mysql_error());
$deleteGoTo = "myaccount.php";
if (isset($_SERVER['QUERY_STRING'])) {
$deleteGoTo .= (strpos($deleteGoTo, '?')) ? "&" : "?";
$deleteGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $deleteGoTo));
}
看起来有效,你认为这样做是安全的吗
Thanks For Your HELP
无论如何,在删除car之前,您应该检查它是否属于当前用户。
使其不那么臃肿
if (empty($_SESSION['MM_Username'])) {
exit; // take appropriate action here
}
if (empty($_GET['car_id'])) {
exit; // take appropriate action here
}
mysql_select_db($database_conn, $conn);
$sql = sprintf("DELETE FROM minibusler WHERE car_id = %s AND c_owner =%s",
GetSQLValueString($_GET['car_id'], "int"),
GetSQLValueString($_SESSION['MM_Username'], "text"));
mysql_query($sql, $conn) or trigger_error(mysql_error());
header("Location: myaccount.php");
exit;