我有一個這樣的代碼下面通過URL參數刪除條目如何防止SQL注入的URL參數變化(DELETE語句)PHP
<td><a href="deletecar.php?car_id=<?php echo $row_cars['car_id']; ?>" onclick=" if (!confirm('Are you sure to DELETE?')) return false; ">Delete</a></td>
這是URL參數輸出
http://localhost/html/deletecar.php?car_id=17
但如果我改變car_id = 17到car_id = 23(這是在其他用戶的汽車列表),它正在刪除
我怎樣才能防止這種
deletecar.php就像下面
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
if ((isset($_GET['car_id'])) && ($_GET['car_id'] != "") && (isset($_SESSION['MM_Username']))) {
$deleteSQL = sprintf("DELETE FROM cars WHERE car_id=%s",
GetSQLValueString($_GET['car_id'], "int"));
mysql_select_db($database_conn, $conn);
$Result1 = mysql_query($deleteSQL, $conn) or die(mysql_error());
$deleteGoTo = "myaccount.php";
if (isset($_SERVER['QUERY_STRING'])) {
$deleteGoTo .= (strpos($deleteGoTo, '?')) ? "&" : "?";
$deleteGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $deleteGoTo));
}
?>
這是我在數據庫表
INSERT INTO `car` (`car_id`, `c_id`, `c_brand`, `c_model`, `c_model_nd`, `c_model_year`, `c_color`, `c_capacity`, `c_owner`, `c_statu`, `c_show`) VALUES
(16, '34DA1593', 'Volkswagen', 'Volt', '313 CDI', 2006, 'Beyaz', '', 18, 'yakamozturizm', 'Boş', 0),
(17, '34BC5897', 'Mercedes', 'Sprinter', '313CDI', 2006, 'Gri', '', 14, 'PcRestorer', 'Boş', 0),
(18, '34DBC145', 'Volkswagen', 'Volt', '213 CDI', 2013, 'Beyaz', '', 16, 'PcRestorer', 'Boş', 0);
編輯....
我已經改變了我的代碼一樣,
$colname_delete = "-1";
if (isset($_GET['car_id'])) {
$colname_delete = $_GET['car_id'];
}
$owner_delete = "-1";
if (isset($_SESSION['MM_Username'])) {
$owner_delete = $_SESSION['MM_Username'];
}
if ((isset($_GET['car_id'])) && ($_GET['car_id'] != "")) {
$deleteSQL = sprintf("DELETE FROM minibusler WHERE car_id = %s AND c_owner =%s",
GetSQLValueString($colname_delete, "int"),
GetSQLValueString($owner_delete, "text"));
mysql_select_db($database_conn, $conn);
$Result1 = mysql_query($deleteSQL, $conn) or die(mysql_error());
$deleteGoTo = "myaccount.php";
if (isset($_SERVER['QUERY_STRING'])) {
$deleteGoTo .= (strpos($deleteGoTo, '?')) ? "&" : "?";
$deleteGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $deleteGoTo));
}
它看起來工作你認爲這是安全的方式來做到這一點
感謝您的幫助
這是不以任何方式SQL注入。問題的其餘部分沒有問題,沒有什麼可以降低評分的。 – 2013-04-21 10:50:54
第一個條件看起來相當無用 – 2013-04-21 11:33:04