query user to delete message


systemwindows

11:51 am on Mar 13, 2010 (gmt 0)

10+ Year Member



Hello

I want query user to delete message

Example as in the picture


<snip>


Could you please give your opinion on this code according to the tables in the picture placed in the subject

$query_delete = mysql_query("DELETE FROM messages WHERE id=$_GET[id]");



echo "<a href='delete.php?id=$tab[id]'>Delete</a>";


Is it possible to complete the code according to the tables set picture

[edited by: dreamcatcher at 12:57 pm (utc) on Mar 13, 2010]
[edit reason] no urls please, see T.O.S [/edit]

Anyango

1:52 pm on Mar 13, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Picture? WW won't show us any picture placed in the message

eelixduppy

6:31 pm on Mar 13, 2010 (gmt 0)



Please describe your situation without the use of an image URL.

rocknbil

9:10 pm on Mar 13, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Welcome aboard systemwindows,

Could you please give your opinion on this code


http://example.com/delete.php?id=3%20or%201=1

What did I just do?

"select 1=1" always returns true.

DELETE FROM messages WHERE id=3 or 1=1

Poof . . . this deletes all the messages in this table. Oops.

// accept only a numeric id greater than zero
if (is_numeric($_GET['id']) and ($_GET['id'] > 0)) {
    $id = $_GET['id'];
}
else { echo 'BAD DATA'; exit; }

or

// accept only a string of digits greater than zero
if (preg_match('/^\d+$/', $_GET['id']) and ($_GET['id'] > 0)) {
    $id = $_GET['id'];
}
else { echo 'BAD DATA'; exit; }

$query_delete = mysql_query("DELETE FROM messages WHERE id=$id");

That's a start, I think . . .
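
The validation from the reply above combined with a bound parameter, as an added example that is not part of the original thread: the id never becomes SQL text, so `3 or 1=1` cannot change the WHERE clause. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL connection (`mysql_query()` was removed in PHP 7), and the `body` column, the sample rows and the `delete_message()` helper are constructed for illustration.

```php
<?php
// Added example: constructed in-memory table standing in for the thread's `messages` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)');
$pdo->exec("INSERT INTO messages (id, body) VALUES (1,'a'),(2,'b'),(3,'c')");

/**
 * Hypothetical helper: delete one message by id.
 * Returns the number of rows removed, or null when the
 * input is not a positive integer.
 */
function delete_message(PDO $pdo, $rawId): ?int
{
    // Accept only an integer >= 1; "3 or 1=1" and "1e3" fail here.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The id travels as a bound integer parameter, never as part of the SQL string.
    $stmt = $pdo->prepare('DELETE FROM messages WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed inputs, as they would arrive in $_GET['id'].
foreach (['3 or 1=1', '1e3', '-2', '3'] as $input) {
    $result = delete_message($pdo, $input);
    $left = $pdo->query('SELECT COUNT(*) FROM messages')->fetchColumn();
    printf(
        "%-12s => %s, rows left: %d\n",
        var_export($input, true),
        $result === null ? 'rejected' : "deleted $result",
        $left
    );
}
```

Unlike `is_numeric()`, `FILTER_VALIDATE_INT` also rejects forms such as `1e3` that are numeric but not plain integers.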