I'm wondering if $_POST & $_GET can have issues with security.
Let's say i have an AJAX code that sends the data to a PHP file with the following:
if(isset($_POST['id'])) {
$client_id = mysql_real_escape_string($_POST['id']);
$client_name = mysql_real_escape_string($_POST['name']);
//Delete the Client
$sql="DELETE FROM clients WHERE id='".$client_id."'";
mysql_query($sql) or die(mysql_error());
//Client Pages Delete
$sql="DELETE FROM fanpages WHERE client='".$client_name."'";
mysql_query($sql) or die(mysql_error());
Now let's say the PHP file name is delete.php any user can just write something like delete.php?id=423&name=Jack and it will shout the query and delete the client?
I was thinking about adding a COOKIE check at the beginning but as far as i know COOKIE's can be faked as well, am i right?
So what is the solution for making safe $_POST & $_GET requests with the combination of DB quires?
EDIT: All this happens inside of a user-password secured area but I'm asking about the sole delete.php file, do i need to add a COOKIE check to this file as well?
EDIT2: The script is working with COOKIE's not SESSIONS, should i add SESSIONS to the system as well? is it necessary to have cookies and session on the same system?
The trick is to properly escape data and prevent SQL injections. If it comes to deleting a user and you want to be extra safe, you could require a login or something too.
session_start();
// ...
if (true === $_SESSION['userLoggedIn']) {
// your code
}
Of course, this would require you to create some sort of authentication procedure after a login form is submitted. (e.g. querying a MySQL database and testing the username and password against a table of users)
You should allow only logged in clients to issue a sensative request like that. Use sessions In the beginning of file you'll do session_start();
then you'll check $_SESSION["username"] if it is empty then you won't delete it but if a username is there (which you'll set on login) then you'll verify if the user has the privilege to do the operation.
This thread is targetted towards sessions, but I bet your cookies aren't safe as is right now. It's super easy to steal cookies. You should do sessions, but you need to make sure your session path is private and that you aren't letting people hijack your session, etc.