security deleting a mysql row with jQuery $.post

Posted by FFish on Stack Overflow See other posts from Stack Overflow or by FFish
Published on 2010-03-26T19:17:46Z Indexed on 2010/03/26 19:33 UTC

I want to delete a row in my database and found an example on how to do this with jQuery's $.post().
Now I am wondering about security, though.
Can someone send a POST request to my delete-row.php script from another website?

JS

function deleterow(id) {
    // alert(typeof(id)); // number
    if (confirm('Are you sure want to delete?')) {
        $.post('delete-row.php', {album_id:+id, ajax:'true'},
            function() {
                $("#row_"+id).fadeOut("slow");
            });
    }
}

PHP: delete-row.php

<?php
require_once("../db.php");
mysql_connect(DB_SERVER, DB_USER, DB_PASSWORD) or die("could not connect to database " . mysql_error());
mysql_select_db(DB_NAME) or die("could not select database " . mysql_error());

if (isset($_POST['album_id'])) {    
    $query = "DELETE FROM albums WHERE album_id = " . $_POST['album_id'];
    $result = mysql_query($query);
    if (!$result) die('Invalid query: ' . mysql_error());
    echo "album deleted!";
}
?>

© Stack Overflow or respective owner
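
As posted, delete-row.php runs the DELETE for any POST that reaches it and builds the SQL by concatenating album_id. The version below is an added example, not code from the original post: it requires a logged-in session, a per-session CSRF token that a page on another site cannot read, an integer album_id and a prepared statement (mysqli, since the mysql_* functions used in the question were removed in PHP 7). Assumptions: login code sets $_SESSION['user_id'], and the page that lists the albums stores a random token in $_SESSION['csrf_token'] and passes it to $.post() as csrf_token; both names are hypothetical.

```php
<?php
require_once("../db.php");   // DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME as in the question
session_start();

// Send a status code and a short message, then stop.
function fail(int $status, string $message): void {
    http_response_code($status);
    exit($message);
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    fail(405, 'POST required');
}

// Assumption: the login code sets $_SESSION['user_id'] (hypothetical name).
if (empty($_SESSION['user_id'])) {
    fail(401, 'not logged in');
}

// Assumption: the album list page stored bin2hex(random_bytes(32)) in
// $_SESSION['csrf_token'] and gave it to the script that calls $.post().
// Another site can make the browser send this POST with the session cookie
// attached, but it cannot read the token, so its request fails here.
$sent = $_POST['csrf_token'] ?? '';
if (!is_string($sent) || empty($_SESSION['csrf_token'])
    || !hash_equals($_SESSION['csrf_token'], $sent)) {
    fail(403, 'invalid CSRF token');
}

// Accept only a positive integer id; anything else never reaches the query.
$album_id = filter_input(INPUT_POST, 'album_id', FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
if ($album_id === false || $album_id === null) {
    fail(400, 'invalid album_id');
}

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
try {
    $db = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME);
    // The id is bound as an integer parameter, never concatenated into SQL.
    $stmt = $db->prepare('DELETE FROM albums WHERE album_id = ?');
    $stmt->bind_param('i', $album_id);
    $stmt->execute();
    echo $stmt->affected_rows === 1 ? 'album deleted!' : 'no such album';
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());   // keep database errors out of the response
    fail(500, 'database error');
}
```

On the client, the matching call would add the token to the data object sent by $.post(), next to album_id.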
