security deleting a mysql row with jQuery $.post
Posted
by FFish
on Stack Overflow
See other posts from Stack Overflow
or by FFish
Published on 2010-03-26T19:17:46Z
Indexed on
2010/03/26
19:33 UTC
Read the original article
Hit count: 331
I want to delete a row in my database and found an example on how to do this with jQuery's $.post()
Now I am wondering about security though..
Can someone send a POST request to my delete-row.php script from another website?
JS
function deleterow(id) {
// alert(typeof(id)); // number
if (confirm('Are you sure want to delete?')) {
$.post('delete-row.php', {album_id:+id, ajax:'true'},
function() {
$("#row_"+id).fadeOut("slow");
});
}
}
PHP: delete-row.php
<?php
require_once("../db.php");
mysql_connect(DB_SERVER, DB_USER, DB_PASSWORD) or die("could not connect to database " . mysql_error());
mysql_select_db(DB_NAME) or die("could not select database " . mysql_error());
if (isset($_POST['album_id'])) {
$query = "DELETE FROM albums WHERE album_id = " . $_POST['album_id'];
$result = mysql_query($query);
if (!$result) die('Invalid query: ' . mysql_error());
echo "album deleted!";
}
?>
© Stack Overflow or respective owner