Hello everyone, i just saw the same thread below but was not able to get from it.
Well the problem is in the userlist page i have a list of users on the database which i get from simple sql queries. On the same page on the side of each User i have delete link. Also inside the while Loop that runs sql and prints User Names i have some variable say $userid = $row ["userid"] . But I am not sure how i am going to transfer this $userid to other page when Delete Url is clicked.
THe current Url for Delete link is [PHP] href='adminlogi n.php?mode=user _delete [/PHP]
and i am using in my main adminlogin.php page if then statement. so i have [PHP]
if ($_GET['mode'] == "user_delet e")
{
include "user_delete.ph p";
}
[/PHP]
So now how can i pass the value of userid when the Delete Url is clicked.
Any thoughts. or any idea would be highly appriciated
5  3142 
I think i just got the solution ... Its working now...
I used the href link as <a href='adminlogi n.php?mode=user _delete&userid= <?php echo $userid; ?>'>
and it worked...
Just pass the userid in the url parameter, like
[php]href='adminlogi n.php?mode=user _delete?user=$u ser[/php]'
Since this is a GET call, you better verify all parameter values passed very thoroughly, otherwise some hacker might just try to call your delete script passing millions of guessed userids!
Ronald :cool:
Just pass the userid in the url parameter, like
[php]href='adminlogi n.php?mode=user _delete?user=$u ser[/php]
Since this is a GET call, you better verify all parameter values passed very thoroughly, otherwise some hacker might just try to call your delete script passing millions of guessed userids!
Ronald :cool:
Hey thanks a lot Ronverdonk... I didnt knew about that i mean the GET problem. So inorder to protect people not to try with random userid What is the good idea to follow.. Or is there any alternative of Using $_GET. I am not much familier with security issues. So could you please enlighten me on this.
Thanks again ,
The url and the parameters show up in the address bar of the browser. So someone could get an idea (and you bet it will happen) and try out all kinds of tricks with that.
So to start you must always sanitize the data you get in your program. To remove any unwanted appended code, save the passed userid after cleansing it, like this:
[php]$userid = trim(strip_tags ($_GET['userid']));[/php]
Then see if you have a maximum length gor any userid. Let's say it is 5, so check the length.
[php]if (strlen($userid ) > 5)
die ("Invalid userid");
[/php]
When your userids must consist of only characters and digits, you check that. And you check that passed userid until you are (relatively) sure that it is a valid userid.
Ronald :cool:
Hey Ronald,
Thanks a lot for the details. I will try to see what i can do to make it more secure. I really appreciate your help.
Sign in to post your reply or Sign up for a free account.
Similar topics | |
by: Paul |
last post by:
Hmmm, didn't seem to work. I have set session.use_cookies = 1 and
session.use_trans_sid = 1 in my php.ini file. Index.php contains:
----------------------------------------------------------------------------
<?php
ini_set("session.use_cookies", "off");
ini_set("session.use_trans_sid", "on");
session_start();
$_SESSION = "";
$_SESSION = "";
echo "<form method='POST' action='login.php'>
|
by: bateman |
last post by:
Hi, I have a rather puzzling problem, have asked the ASP experts at work with
no joy and its driving me mad! I'll explain the steps in more detail below
but the general problem is I am manually creating a datetime value in my asp
pages that I am putting in a session. Now this isn't being passed from page
to page while other session objects are. There is no reason I can see for
this happening.
The steps I am using are:
page1.asp - A...
|
by: Kevin Lyons |
last post by:
Hello,
I am trying to get my select options (courses) passed correctly from
the following URL: http://www.dslextreme.com/users/kevinlyons/selectBoxes.html
I am having difficulty getting the courses to pass the correct option
value and then be displayed at the following URL:
http://www.dslextreme.com/users/kevinlyons/selectResults.html
I am passing countries, products, and courses. The first two display
|
by: Richard |
last post by:
**** Post for FREE via your newsreader at post.usenet.com ****
HI,
I am working on a project where I need to input data to a (local) HTML page
using multiple form elements, such as text, radio, checkbox, and dropdown.
When the form Submit button is clicked, I then need the input data either
written to another location on the same page, or written to another page (a
different frame would be fine)
|
by: Scott Zabolotzky |
last post by:
I'm trying to pass a custom object back and forth between forms.
This custom object is pulled into the app using an external reference
to an assembly DLL that was given to me by a co-worker. A query-string
flag is used to indicate to the page whether it should instantiate
a new instance of the object or access an existing instance from
the calling page.
On the both pages I have a property of the page which is an
instance of this custom...
| | |
by: Adrian |
last post by:
hi,
if i have a textbox (not in a form) on an html page and a link to
another page how can I use the textbox value when the link is clicked?
i.e.
<input type="text" name="T1" size="20">
<a href="abc" & t1.value>test link</a>
so if the textbox value was "def" the link when clicked would be abcdef
|
by: moni |
last post by:
Hi..
I am trying to use javascript for google maps display.
If I call the javascript function from my aspx file I use:
<input type="text" id="addresstext" value="Huntington Avenue,
Boston, MA" name="yourName" style="width: 287px" />
|
by: John Sheppard |
last post by:
Hello there I was wondering if anyone could help me,
I am trying to pass a typed dataset to a dialoged child form by reference.
I have binding sources sitting on the child form. So to refresh them I just
set their datasource. I am guessing this is probably what is causing the
problem. Is there a better way to do this?
Anyway this all works happily and things show up when the record already
exists but I have 2 problems ;
1) When I add...
|
by: aelred |
last post by:
I have a web page where a member can open up a chat window (child window) with another member.
- From there the member can also navigate to other web pages.
- From other pages in the site, they may also open up new chat windows with other members (just not the same one).
- Each chat page is opened with the member name as the window name.
- When I log off from the web page, I would like all the chat windows to automatically close.
I...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| | |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
