I have a code like below for DELETE entry by URL Parameter
<td><a href="deletecar.php?car_id=<?php echo $row_cars['car_id']; ?>" onclick=" if ( !confirm('Are you sure to DELETE?') ) return false; ">Delete</a></td>
And this is URL Parameter output
http://localhost/html/deletecar.php?car_id=17
But if i change car_id=17 to car_id=23(which is in an other users car list) it is deleting
How i can prevent this
deletecar.php is like below
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
if ((isset($_GET['car_id'])) && ($_GET['car_id'] != "") && (isset($_SESSION['MM_Username']))) {
$deleteSQL = sprintf("DELETE FROM cars WHERE car_id=%s",
GetSQLValueString($_GET['car_id'], "int"));
mysql_select_db($database_conn, $conn);
$Result1 = mysql_query($deleteSQL, $conn) or die(mysql_error());
$deleteGoTo = "myaccount.php";
if (isset($_SERVER['QUERY_STRING'])) {
$deleteGoTo .= (strpos($deleteGoTo, '?')) ? "&" : "?";
$deleteGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $deleteGoTo));
}
?>
And this is my table in database
INSERT INTO `car` (`car_id`, `c_id`, `c_brand`, `c_model`, `c_model_nd`, `c_model_year`, `c_color`, `c_capacity`, `c_owner`, `c_statu`, `c_show`) VALUES
(16, '34DA1593', 'Volkswagen', 'Volt', '313 CDI', 2006, 'Beyaz', '', 18, 'yakamozturizm', 'Boş', 0),
(17, '34BC5897', 'Mercedes', 'Sprinter', '313CDI', 2006, 'Gri', '', 14, 'PcRestorer', 'Boş', 0),
(18, '34DBC145', 'Volkswagen', 'Volt', '213 CDI', 2013, 'Beyaz', '', 16, 'PcRestorer', 'Boş', 0);
Edit....
i have changed my code like that
$colname_delete = "-1";
if (isset($_GET['car_id'])) {
$colname_delete = $_GET['car_id'];
}
$owner_delete = "-1";
if (isset($_SESSION['MM_Username'])) {
$owner_delete = $_SESSION['MM_Username'];
}
if ((isset($_GET['car_id'])) && ($_GET['car_id'] != "")) {
$deleteSQL = sprintf("DELETE FROM minibusler WHERE car_id = %s AND c_owner =%s",
GetSQLValueString($colname_delete, "int"),
GetSQLValueString($owner_delete, "text"));
mysql_select_db($database_conn, $conn);
$Result1 = mysql_query($deleteSQL, $conn) or die(mysql_error());
$deleteGoTo = "myaccount.php";
if (isset($_SERVER['QUERY_STRING'])) {
$deleteGoTo .= (strpos($deleteGoTo, '?')) ? "&" : "?";
$deleteGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $deleteGoTo));
}
It looks working do you think it is secure way to do that
Thanks For Your HELP
to make it less bloated
if (empty($_SESSION['MM_Username'])) {
exit; // take appropriate action here
}
if (empty($_GET['car_id'])) {
exit; // take appropriate action here
}
mysql_select_db($database_conn, $conn);
$sql = sprintf("DELETE FROM minibusler WHERE car_id = %s AND c_owner =%s",
GetSQLValueString($_GET['car_id'], "int"),
GetSQLValueString($_SESSION['MM_Username'], "text"));
mysql_query($sql, $conn) or trigger_error(mysql_error());
header("Location: myaccount.php");
exit;
In any case before deleting a car you should check that if it belongs to the current user. If not display a suitable message.