Can I pass a wildcard to this function?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

Is it possible, accidentally or on purpose, to pass a
wildcard to this function that would have the effect
of deleting many or all rows (shortname is a unique,
non-null field)?

function delete_row_by_shortname($table,$shortname){
global $mysqlhost, $mysqlusr, $mysqlpw, $mysqldb;
  $link = mysql_connect($mysqlhost, $mysqlusr, $mysqlpw);
   if (!$link) {
       die('Not connected : ' . mysql_error());
   mysql_select_db($mysqldb) or  
   die ('Could not select database:' . "$mysqldb.");
   $query = "DELETE FROM $table WHERE shortname='$shortname'";
   mysql_query($query) or die ("Query Failed! mysql_error()");
   $value = mysql_affected_rows($link);
   return $value;

Lars Eighner     < <
                         Countdown: 586 days to go.
              Why "War Czar"? That sounds like Imperial Russia!
                  Call it by the American term: "Fall Guy."

Re: Can I pass a wildcard to this function?

Hi, :-)

Lars Eighner wrote:
Quoted text here. Click to load it

I'd say yes, it certainly is possible.  
First, you are safe inside the sql context if the column shortname realy is
a non null unique index, since that means you can delete only a single row
because only one single value can fulfill the condition "=".  
You do no escaping of the values in $table and $shortname. It depends on
where the values come from. It _might_ offer a vulnerability
to 'sql-injection':  
Imagine the variable $shortname is filled from a form where data can be
entered and someone enters something like this:  
"bla1' OR shortname='bla2' OR shortname='bla3"
What results is this sql statement which is certainly _not_ the one you
intended to fire:  
"DELETE FROM $table WHERE shortname='bla1' OR shortname='bla2' OR
You should always escape such variable values, typically with the
function 'mysql_real_escape_string()'. Doing so the fired statement will
"DELETE FROM $table WHERE shortname='bla1'' OR shortname=''bla2'' OR
This will match a single entry or none (apart from the same aspect with

Have fun,  

Re: Can I pass a wildcard to this function?

arkascha wrote:
Quoted text here. Click to load it

Even worse:

'bla1' OR 1=1

Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.

Re: Can I pass a wildcard to this function?

.oO(Lars Eighner)

Quoted text here. Click to load it

Definitely. Have a look at PDO and prepared statements.


Site Timeline