What's the safest way to remove data from mysql? (PHP/Mysql)
Posted
by ggfan
on Stack Overflow
See other posts from Stack Overflow
or by ggfan
Published on 2010-05-09T00:09:13Z
Indexed on
2010/05/09
0:18 UTC
Read the original article
Hit count: 120
I want to allow users as well as me(the admin) to delete data in mysql. I used to have remove.php that would get $_GETs from whatever that needed to be deleted such as... remove.php?action=post&posting_id=2. But I learned that anyone can simply abuse it and delete all my data.
So what's the safest way for users and me to delete information without getting all crazy and hard? I am only a beginner :) I'm not sure if I can use POSTs because there is no forms and the data isn't changing. Is sessions good? Or would there be too many with postings, user information, comments, etc.
Ex: James wants to delete one of his postings(it is posting_id=5). So he clicks the remove link and that takes him to remove.php?action=post&posting_id=5.
© Stack Overflow or respective owner