
Investigating PHP

I am currently working my way through MySQL for Dynamic Websites by Larry Ullman (edition 4).
I currently (May 2013) run PHP 5.3.10-1 and a MySQL 5.1.31 database on an Apache 2.2.22 server on Ubuntu 12.04 in VirtualBox.

Chapter 13: Review and Pursue

delete_user.php: May 2013

The PHP code in the PDF below is my solution to the 8th exercise in the Pursue section of Chapter 13 of PHP and MySQL for Dynamic Web Sites (ed4) by Larry Ullman.
The script is an update of 10.2 from chapter 10, page 304, which is a file that allows a user's records to be deleted. This script checks the input from another script (view_user.php) using the Filter() function. The idea is that you should not trust any input from any outside source without checking it. I could equally have used casting here.
I offer this solution without any great confidence, since I have found that I can hack it quite easily as it stands by changing the info in the address bar to another number before clicking the submit button. This allows another user, who was not chosen, to be deleted. I can see a fix to this, but it is not the point of this exercise, so I have left it as is.

If the pdf doesn't open, go to delete_user.pdf
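
One way to close the gap described above, as an added example rather than the author's delete_user.php or code from the book: validate the id with filter_var() and bind the confirmation form to the id it was rendered for with an HMAC token, so an id edited before submission is refused. The function names, the `token` field and the per-session key are assumptions, and the code needs PHP 7.1 or later.

```php
<?php
// Added example; function names and the 'token' field are hypothetical.

// Accept only a positive integer id; anything else is rejected.
function parse_user_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Token tying the confirmation form to the id it was rendered for.
// $sessionKey is a random secret kept server-side (e.g. in $_SESSION).
function delete_token(int $id, string $sessionKey): string
{
    return hash_hmac('sha256', 'delete_user:' . $id, $sessionKey);
}

// Returns the id that may be deleted, or null if the request must be refused.
function confirmed_delete_id(array $request, string $sessionKey): ?int
{
    $id = parse_user_id($request['id'] ?? null);
    $token = $request['token'] ?? '';
    if ($id === null || !is_string($token)) {
        return null;
    }
    // Constant-time comparison; fails when the id no longer matches the
    // one the confirmation page was generated for.
    return hash_equals(delete_token($id, $sessionKey), $token) ? $id : null;
}

// --- Constructed demonstration: no web server or database needed ---
$sessionKey = random_bytes(32);

// Request as the confirmation page for user 7 would submit it.
$asShown = ['id' => '7', 'token' => delete_token(7, $sessionKey)];
// Same token, but the id was changed before submitting.
$edited = ['id' => '8', 'token' => $asShown['token']];
// Not an integer at all: stopped by the filter before the token check.
$notInt = ['id' => '7abc', 'token' => $asShown['token']];

foreach (['as shown' => $asShown, 'edited id' => $edited, 'non-integer' => $notInt] as $label => $req) {
    $id = confirmed_delete_id($req, $sessionKey);
    echo $label, ': ', $id === null ? 'refused' : "delete user $id", PHP_EOL;
}
```

The returned id would then go into the DELETE query as a bound parameter. The token only guarantees that the record deleted is the one the confirmation page showed; who is allowed to delete users still has to be checked separately.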