SQL Query causing blank page
I've just got a basic query to delete the fields for a certain user, determined by a dropdown form on a previous page. I've tested the $_POST['Username'] with an echo and that is working fine, but as soon as I add the query it all goes blank, no error message or anything. Here's the source:
PHP Code:
PS: If you spot any bad coding I can rectify please let me know, just starting to learn this stuff ;P
Never mind xD Just realised there is a semicolon after the curly bracket in the final error statement.
Epic Fail on me..
You haven't really sanitized your $deleteuser before you run it against the database. This could allow for an SQL injection attack. You should always sanitize data before you run it in a query. In your scenario, an attacker could inject % into $_POST['Username']; and delete every user in that database. You should also consider using "LIMIT 1" at the end of your delete statement if you are not deleting using a primary key (like UserID).
An example would be: PHP Code:
Also, check out my mysql class: http://phphq.net/codebits.php
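One way to write the delete so the posted value never becomes part of the SQL text, added here as an example and not code from this thread or from phphq.net. The `users` table, the `delete_user` helper and the sample rows are assumptions, and an in-memory SQLite database via PDO stands in for MySQL so it runs offline.

```php
<?php
// Added example: table, rows and helper name are constructed for illustration.

function delete_user(PDO $db, string $username): int
{
    // Reject empty or oversized input before touching the database.
    $username = trim($username);
    if ($username === '' || strlen($username) > 64) {
        return 0;
    }

    // The placeholder keeps the value out of the SQL text, so quotes or
    // wildcard characters in it are compared as literal data.
    // On MySQL, " LIMIT 1" can be appended as the reply suggests.
    $stmt = $db->prepare('DELETE FROM users WHERE Username = :name');
    $stmt->execute([':name' => $username]);

    // Number of rows actually removed; the caller can treat != 1 as an error.
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
// Throw on SQL errors instead of failing silently.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (UserID INTEGER PRIMARY KEY, Username TEXT UNIQUE NOT NULL)');
$db->exec("INSERT INTO users (Username) VALUES ('alice'), ('bob'), ('o''brien')");

// Constructed inputs: the wildcard from the reply, a name containing a
// quote, an ordinary name, and an empty value.
foreach (['%', "o'brien", 'alice', ''] as $input) {
    $deleted = delete_user($db, $input);
    $left = (int) $db->query('SELECT COUNT(*) FROM users')->fetchColumn();
    printf("input=%-10s deleted=%d remaining=%d\n", var_export($input, true), $deleted, $left);
}
```

The UNIQUE constraint on `Username` is what bounds the delete to one row here; where the column is not unique, delete by `UserID` instead.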
Yeah I saw something about sanitising the code, so I'll look into that. Thanks for the limit, I'll take a look at your page when I get some time later :)