
I have a delete script on my dashboard that WAS working before moving domains (not sure if that is relevant).

The code for my 'deletejob.php' is below.

<?php
error_reporting(0);

$host = 'localhost';
$port = 3306;
$database = 'database';
$username = 'username';
$password = 'password';

$UID = $_POST["ID"];


// Connect to the database    
$dsn = "mysql:host=$host;port=$port;dbname=$database";
$db = new PDO($dsn, $username, $password); // connect

$Query = "DELETE FROM joblist WHERE ID='$UID'";
// Do a query thingy whatever its called
$statement = $db->prepare($Query);
$statement->execute();
while ($result = $statement->fetchObject()) {}

?>

The script functions as if it is working and even gives me the alert (ID has been successfully deleted.)

Does anyone have any idea as to why this script would return a false positive?

  • Not much use of using prepared statements if you just paste the value straight into your query... Commented Apr 25, 2016 at 9:08
  • Where is your alert code? On which basis do you show the alert? Commented Apr 25, 2016 at 9:08
  • Can we see your form? Since there is no error checking in your code, how should it alert you? Commented Apr 25, 2016 at 9:08
  • I'm not sure prepare->execute works with pasted variables. And why do you use fetchObject on DELETE? Commented Apr 25, 2016 at 9:09
  • You are vulnerable to SQL injections like 0 OR '1' = '1 Commented Apr 25, 2016 at 9:09

1 Answer

You must find the row you want to delete, using a SELECT statement, like this:

$stmt = $conn->query("SELECT * FROM users WHERE id='".$_REQUEST['ids']."'");

Also, you have to have the following sent when you click the delete button, or it will not delete at all:

<input type="hidden" name="id" value="<?php echo $_REQUEST['ids'];?>">

After the above:

$stmt = $conn->query("DELETE FROM users Where id = '".$_REQUEST['id']."'");
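An added example (not the asker's or the answerer's code) showing a hardened form of deletejob.php that addresses the points raised in the comments: the ID is bound as a parameter instead of being pasted into the SQL string, PDO is set to throw on errors instead of failing silently under error_reporting(0), and the affected-row count is checked so the script cannot report a delete that never happened. The table and column names follow the question; the connection values are placeholders.

```php
<?php
declare(strict_types=1);

// Placeholder connection values (constructed for this example).
$host = 'localhost'; $port = 3306; $database = 'database';
$username = 'username'; $password = 'password';

function connect(string $host, int $port, string $database, string $user, string $pass): PDO
{
    $dsn = "mysql:host=$host;port=$port;dbname=$database;charset=utf8mb4";
    return new PDO($dsn, $user, $pass, [
        // Throw on driver errors; the default ERRMODE_SILENT plus error_reporting(0)
        // is what lets a failed query look like a success.
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        // Real server-side prepares: the value is bound, never spliced into the SQL text.
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
}

// Returns the number of rows removed, so the caller can tell 1 (deleted)
// from 0 (no such row) instead of assuming success when nothing errored.
function deleteJob(PDO $db, int $id): int
{
    $statement = $db->prepare('DELETE FROM joblist WHERE ID = :id');
    $statement->bindValue(':id', $id, PDO::PARAM_INT);
    $statement->execute();
    return $statement->rowCount();
}

// Reject anything that is not a positive integer before it reaches the query.
$id = filter_var($_POST['ID'] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false) {
    http_response_code(400);
    exit('Invalid job ID');
}

try {
    $db = connect($host, $port, $database, $username, $password);
    $deleted = deleteJob($db, $id);
    echo $deleted === 1 ? "Job $id deleted." : "No job with ID $id found.";
} catch (PDOException $e) {
    // Keep the driver detail in the server log; send the client only a generic failure.
    error_log('deletejob.php: ' . $e->getMessage());
    http_response_code(500);
    exit('Delete failed');
}
```

With a DELETE there is nothing to fetch, so the fetchObject loop from the question is dropped; rowCount() is the value that tells you whether the row existed.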