如何防止SQL注入的URL參數變化（DELETE語句）PHP

Question

我有一個這樣的代碼下面通過URL參數刪除條目

<td><a href="deletecar.php?car_id=<?php echo $row_cars['car_id']; ?>" onclick=" if (!confirm('Are you sure to DELETE?')) return false; ">Delete</a></td> 

這是URL參數輸出

http://localhost/html/deletecar.php?car_id=17 

但如果我改變car_id = 17到car_id = 23（這是在其他用戶的汽車列表），它正在刪除

我怎樣才能防止這種

deletecar.php就像下面

<?php 
if (!function_exists("GetSQLValueString")) { 
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{ 
    if (PHP_VERSION < 6) { 
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; 
    } 

    $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); 

    switch ($theType) { 
    case "text": 
     $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; 
     break;  
    case "long": 
    case "int": 
     $theValue = ($theValue != "") ? intval($theValue) : "NULL"; 
     break; 
    case "double": 
     $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; 
     break; 
    case "date": 
     $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; 
     break; 
    case "defined": 
     $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; 
     break; 
    } 
    return $theValue; 
} 
} 

if ((isset($_GET['car_id'])) && ($_GET['car_id'] != "") && (isset($_SESSION['MM_Username']))) { 
    $deleteSQL = sprintf("DELETE FROM cars WHERE car_id=%s", 
         GetSQLValueString($_GET['car_id'], "int")); 

    mysql_select_db($database_conn, $conn); 
    $Result1 = mysql_query($deleteSQL, $conn) or die(mysql_error()); 

    $deleteGoTo = "myaccount.php"; 
    if (isset($_SERVER['QUERY_STRING'])) { 
    $deleteGoTo .= (strpos($deleteGoTo, '?')) ? "&" : "?"; 
    $deleteGoTo .= $_SERVER['QUERY_STRING']; 
    } 
    header(sprintf("Location: %s", $deleteGoTo)); 
} 
?> 

這是我在數據庫表

INSERT INTO `car` (`car_id`, `c_id`, `c_brand`, `c_model`, `c_model_nd`, `c_model_year`, `c_color`, `c_capacity`, `c_owner`, `c_statu`, `c_show`) VALUES 
(16, '34DA1593', 'Volkswagen', 'Volt', '313 CDI', 2006, 'Beyaz', '', 18, 'yakamozturizm', 'Boş', 0), 
(17, '34BC5897', 'Mercedes', 'Sprinter', '313CDI', 2006, 'Gri', '', 14, 'PcRestorer', 'Boş', 0), 
(18, '34DBC145', 'Volkswagen', 'Volt', '213 CDI', 2013, 'Beyaz', '', 16, 'PcRestorer', 'Boş', 0); 

編輯....

我已經改變了我的代碼一樣，

$colname_delete = "-1"; 
if (isset($_GET['car_id'])) { 
    $colname_delete = $_GET['car_id']; 
} 
$owner_delete = "-1"; 
if (isset($_SESSION['MM_Username'])) { 
    $owner_delete = $_SESSION['MM_Username']; 
} 

if ((isset($_GET['car_id'])) && ($_GET['car_id'] != "")) { 
    $deleteSQL = sprintf("DELETE FROM minibusler WHERE car_id = %s AND c_owner =%s", 

GetSQLValueString($colname_delete, "int"), 
GetSQLValueString($owner_delete, "text")); 

    mysql_select_db($database_conn, $conn); 
    $Result1 = mysql_query($deleteSQL, $conn) or die(mysql_error()); 

    $deleteGoTo = "myaccount.php"; 
    if (isset($_SERVER['QUERY_STRING'])) { 
    $deleteGoTo .= (strpos($deleteGoTo, '?')) ? "&" : "?"; 
    $deleteGoTo .= $_SERVER['QUERY_STRING']; 
    } 
    header(sprintf("Location: %s", $deleteGoTo)); 
} 

它看起來工作你認爲這是安全的方式來做到這一點

感謝您的幫助

Answer 1

，以使其不太臃腫

if (empty($_SESSION['MM_Username'])) { 
    exit; // take appropriate action here 
} 
if (empty($_GET['car_id'])) { 
    exit; // take appropriate action here 
} 

mysql_select_db($database_conn, $conn); 
$sql = sprintf("DELETE FROM minibusler WHERE car_id = %s AND c_owner =%s", 
       GetSQLValueString($_GET['car_id'], "int"), 
       GetSQLValueString($_SESSION['MM_Username'], "text")); 
mysql_query($sql, $conn) or trigger_error(mysql_error()); 

header("Location: myaccount.php"); 
exit; 

Answer 2

在任何情況下刪除car你應該檢查之前，如果它屬於當前用戶。如果不顯示合適的消息。