Is this PHP/MySQL delete function secure?

I have a setup where I am deleting entries from a table.

It is based on the querystring of the URL which I'm thinking might be a bad way to start anyway.

So if the URL is:

http://www.mysite.com/delete.php?id=123&ref=abc

And the php in delete.php is as follows:

$id=$_GET['id']; $ref=$_GET['ref']; $con = mysql_connect("blahblah","user","password"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("test", $con); mysql_query("DELETE FROM mytable WHERE id=" . $id . " AND ref='" . $ref . "'"); mysql_close($con);

Is there a way to make this more secure... or is this indeed in any way secure at all??

EDIT:

OK, so based on the feedback I've taken a new approach.

list.php contains a set of radiobuttons for each entry in the table - as follows:

$con = mysql_connect("localhost","username","password"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("db", $con); $result = mysql_query("SELECT * FROM myTable"); echo "<form name='wer' id='wer' action='delete.php' method='post' >"; echo "<table border='1'>"; while($row = mysql_fetch_array($result)) { echo "<tr>"; echo "<td>" . $row['title'] . "</td>"; echo "<td><input type='radio' name='test1' value='" . $row['id'] . "' /></td>"; echo "</tr>"; } echo "</table>"; echo "<input type='submit' name='submit' value='Submit' />"; echo "</form>"; mysql_close($con);

And delete.php looks like this:

function check_input($value) { if (get_magic_quotes_gpc()) { $value = stripslashes($value); } if (!is_numeric($value)) { $value = "'" . mysql_real_escape_string($value) . "'"; } return $value; } $con = mysql_connect("localhost","user","password"); if (!$con) { die('Could not connect: ' . mysql_error()); } $varID = check_input($_POST["id"]); mysql_select_db("db", $con); $sql="DELETE FROM myTable WHERE id IN (" . $varID . ")"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } mysql_close($con); header("Location: list.php");

Is this a better way to go about it?

-------------Problems Reply------------

  1. You have a SQL injection vulnerability since you don't sanitize the GET parameters you put into your query. The attacker can use that to delete all elements in your table.
    The clean solution to this is using prepared Statements.
    The quick and dirty solution is putting them in quotation marks and running them through mysql_real_escape_string.
  2. Even if you fix that part, if the attacker can guess a valid id/ref pair he can delete that entry.
  3. If a parameter is an integer, then why don't you make its type integer too? Something like $id=intval($_GET['id'])

GET is considered a safe method and should not have any side effects:

In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe".

In your case your script might be vulnerable to Cross-Site Request Forgery. You should better use POST instead and consider some kind of authentication and authorization check before deleting.

Additionally, since you use the passed parameters unaudited and unmodified, you are also vulnerable to SQL Injections.

At the very least, you should put these values into parameters instead of sticking them right into your SQL statement. Right now you are vulnerable to a SQL Injection attack. Here is a good article on how to parameterize your query, use a stored procedure, or validate the incoming statement. This should greatly help your security:

https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet

mysql_query(sprintf("DELETE FROM mytable WHERE id='%s' AND ref='%s'", mysql_real_escape_string($id),mysql_real_escape_string($res)));

Category:php Views:0 Time:2011-05-21

Related post

  • Delete function not working PHP MySQL 2011-07-07

    I have the following DELETE function i've tried to write by hand, from what I've learnt so far, however it doesnt seem to be working and I cant find anything online to see where im going wrong, can anybody see obvious errors? <?php if(isset($_POST

  • Need Status delete function help 2011-05-31

    I'm a beginner in most things php, Mysql and Java, I need help with adding a delete status function. I need to know if my delete button is in the right place and what I need to put in my delete.php page for a users comment to be deleted out of my dat

  • SQL Regex function that is similar to the MySql REGEX Function 2009-06-08

    I am looking for a function that would be able to do the same thing as the MySQL REGEX function for TSQL. Basically i need my Query to look something like the following: SELECT * FROM Routing WHERE (@Message REGEX RouteRegex); I am not to keen to use

  • Add,Update and Delete functionality in JQGrid 2009-11-04

    How can I do the add,update and delete functionality in the JQgrid.Please help me Thanks Ritz --------------Solutions------------- I assume you know some basic commands in deleting and adding using php mysql: Once, you click the "add button" or "dele

  • mysql deletion efficiency 2010-08-18

    I have a table with large amount of data. The data need to be updated frequently: delete old data and add new data. I have two options whenever there is an deletion event, I delete the entry immediately I marked delete the entries and use an cron job

  • MYSQL: delete all rows containing string "foo" in table "bar" 2010-11-22

    What's the command to achieve this: MYSQL: delete all rows containing string "foo" in table "bar" --------------Solutions------------- DELETE FROM bar where field1 like '%foo%' OR field2 like '%foo%' OR ... fieldLast like '%foo%' You'll need to expli

  • Cannot use a MySQL UDF function 2011-06-01

    I have loaded an UDF function into MySQL (without having selected any particular DB). It used to work well during my session but now I get the error "ERROR 1305 (42000): FUNCTION currentdatabase.myfunction does not exist" when I try to use the functi

  • Why is the old mysql password function considered insecure 2011-08-16

    I know that the old mysql password function (pre-4.1) is considered insecure, but I'm not sure why. What are the specific reasons that it's considered insecure? --------------Solutions------------- According to the MySQL docs on password hashing: The

  • MySQL: Delete rows from several tables in one query 2011-08-17

    What is the proper way to delete rows from several tables in one query? The reason I ask is because I am doing this with PHP. If I use multiple queries to delete from each table one at a time, PHP has to make multiple trips to the database. Will ther

  • Impossible to uninstall MSE and to delete "Microsoft Security Client" directory 2012-10-12

    Impossible to uninstall MSE and to delete "Microsoft Security Client" directory I have recently been infected by viruses. After removal, I saw that it was impossible both to uninstall MSE or install it again. It appears that directory C:\Program File

  • IE 8 is not deleting temp files, cookies and browsing history THOROUGHLY when I use the delete function in Internet Tools - it is really SLOWING DOWN IE to the point of non-functionality. 2013-10-12

    I continue to have a problem getting all the temp files, cookies and browsing history to delete properly when I use the delete funciton in Internet Tools. There was a time when it was working properly and deleted everything but I noticed that the del

  • Problem with search and delete functions 2014-08-29

    I use Vista Ultimate and over the past few weeks I am experiencing problems using the search and delete functions. Whenever I try to search something the seach window does not allow me to do so and goes into a hand. Whenever I delete somthing, a smal

  • Disable the Delete-Function in Windows Media Center 2014-11-13

    If a Video in Media Center is finisched Media Center give you the option to delete the File. How can I disable the delte-Function in Windows Media Center? --------------Solutions------------- Hi ralsinn82, By the design of the Operating system, Media

  • MySQL Hashing Function Implementation 2008-11-03

    I know that php has md5(), sha1(), and the hash() functions, but I want to create a hash using the MySQL PASSWORD() function. So far, the only way I can think of is to just query the server, but I want a function (preferably in php or Perl) that will

  • Does the MySQL TRIM function not trim line breaks or carriage returns? 2008-11-11

    From my experiments, it does not appear to do so. If this is indeed true, what is the best method for removing line breaks? I'm currently experimenting with the parameters that TRIM accepts of the character to remove, starting with trimming \n and \r

  • How can I delete a security group from Active directory in .NET? 2009-02-18

    How can I delete a security group from Active directory in .NET? --------------Solutions------------- In .NET 3.5 you can make use of the new namespace System.DirectoryServices.AccountManagement and try the following: var SecurityContext= new Princip

  • Recording MySQL DELETE statements 2009-07-22

    We have a MySQL->Oracle ETL using Informatica that works great for all statements except DELETE. Unfortunately, the DELETE makes the record go away such that Informatica never sees it again to remove/expire it in Oracle. How have people gone about

  • How to fix fringe cases in BST delete function? 2009-07-26

    Assume that my delete tries to rebalance the tree inorder (left to right). I'm writing a BinarySearchTree class currently, and my delete function currently works (I believe - I hope <3) in most cases. I have a few fringe cases to contend with: Del

  • What's faster/better to use MYSQL md5 FUNCTION or run md5 php function? 2009-07-26

    I check password of users against the DB. what is faster, check it in Mysql MD5 function ... pwd = MD5('.$pwd.') OR in PHP MD5 function ... pwd = '.md5($pwd).' or what is The Right Way Between two options ? thanks --------------Solutions-------------

Copyright (C) dskims.com, All Rights Reserved.

processed in 0.113 (s). 11 q(s)