delete.php？ID = 1 [英] delete.php?ID=1

问题描述

haii，

我有一个小小的安全问题。我已经制作了php表格并且已经为记录维护（DB记录）添加了删除和编辑按钮。我的问题是当用户知道网址和玩游戏知道它说delete.php？ID = 1它直接删除数据库中的记录..并且这个他可以删除所有记录..如何阻止这个...



谢谢，

Pradeep

haii,
I have a small security question.I have made php form and hve done addition deletion and edit buttons for the records maintainance(DB records) also.My question is that when a user gets to know the url and plays around wit it say delete.php?ID=1 it directly deletes the record from database..and lke this he can delete all records..how to stop this...


Thanks,
Pradeep

推荐答案

你真的没有真正指明一个问题，但是我认为你的说法是如何阻止一些人使用网址删除所有数据库记录，当发布到delete.php时，也许你应该改变方法，使其加密，不能被看到，而不是使用post post那样就不可能看到它被指定删除了哪个记录。


希望这有助于回答你的问题，

You didn''t really actually specify a question, but i think what your saying is how to stop some from using the url to delete all database records, well when posting to delete.php perhaps you should change the method so that its encrypted and can''t be seen i.e. instead of put use post that way its not possible to see which record it is that is been specified to be deleted.

Hopes this helps a little bit to answer your question,

我不是道具如果你能告诉我一个例子，我可能会更好地理解。


谢谢，

Pradeep

I am not properly getting u.If u can show me a example i might be able to understand better.

Thanks,
Pradeep

我的猜测是你使用表单提交到你的delete.php页面，如果有的话，查看表单的标签，有没有说方法？并且也是一个说enctype？


如果是这样你需要做的就是减轻你的问题：

set method =" POST"和

设置enctype =" multipart / form-data"


希望这有帮助，

My guess is that your using a form to submit to your delete.php page if so, look at the tags for the form, is there one that says method? and is the also one that says enctype?

if so all you should need to do to alleviated your problems is:
set method = "POST" and
set enctype = "multipart/form-data"


hope this helps,

这篇关于delete.php？ID = 1的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！