
Php delete from sql and directory forms

[Development (PHP) | Category: Development (PHP) | Publisher: 店小二03 | Date: 2018 | Author: 红领巾]

I have resolved this issue of the warning by going back to if(!file_exists($file_to_delete)) (as I already know that folder contains only images; I just needed it so the user could not get to other directories). I have also added a check on the id that it's numeric and exists in the db, and sanitised the queries, I believe. Could you please have a look through the new code below and see if it's ok or if any further problems exist?

Many thanks

Here's my code:

```php
<?php
// Include database connection ($db is expected to be a PDO instance created in common.php)
include("common.php");

// Small output-escaping helper so user-controlled values are never echoed raw into the HTML
function h($s) { return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8'); }

// VARIABLES (isset-safe defaults so an unsubmitted form does not raise "undefined index" notices)
$delete   = $_POST['delete']   ?? null;
$id       = $_POST['id']       ?? '';
$filename = $_POST['filename'] ?? '';

// Deny by default: nothing is deleted unless every check below passes
$error          = true;
$status         = '';
$filecheck      = false;
$idcheck        = false;
$file_to_delete = null;

// Check if form has been submitted
if (isset($delete)) {
    // Check filename is not empty
    if (empty($filename)) {
        $status = "Please enter a FILENAME";
    } else {
        $filecheck = true;
    }

    if ($filecheck) {
        // Keep the user inside the images directory and allow only image extensions.
        // The hyphen must be the last character inside the class: "[\w\s-_]" is an
        // invalid range in PCRE2 and makes preg_match() fail.
        if (!preg_match('/^\/?[\w\s_-]+\.(jpe?g|gif|png|bmp)$/', strtolower($filename))) {
            $status = "Please check FILENAME";
        } else {
            $file_to_delete = 'images/' . $filename;
        }
    }

    // Check file_to_delete is set
    if ($file_to_delete !== null) {
        // Check the file exists
        if (!file_exists($file_to_delete)) {
            $status = "File not found please check FILENAME";
        } else {
            $idcheck = true;
        }
    }

    // Check $idcheck is set
    if ($idcheck) {
        // Check ID is not empty
        if (empty($id)) {
            $status = "Please enter a ID";
        } elseif (!is_numeric($id)) {
            // Check ID is numeric
            $status = "Please check ID";
        } else {
            // Check ID exists in database (prepared statement, so $id is never interpolated)
            $query = "SELECT id FROM `test` WHERE `id` = :id";
            $stmt = $db->prepare($query);
            $stmt->bindParam(":id", $id);
            $stmt->execute();
            // fetchColumn() is portable; rowCount() is not guaranteed for SELECT statements
            if ($stmt->fetchColumn() !== false) {
                $error = false;
            } else {
                $status = "Please check ID";
            }
        }
    }

    if (!$error) {
        // Run query & delete file information from database
        $query = "DELETE FROM `test` WHERE `id` = :id";
        try {
            $stmt = $db->prepare($query);
            $stmt->bindParam(':id', $id);
            $stmt->execute();
        } catch (PDOException $ex) {
            die("Failed to delete image: Please report issue to admin");
        }
        // Delete file from directory (report failure instead of assuming success)
        if (unlink($file_to_delete)) {
            $status = "File Deleted";
        } else {
            $status = "Database record deleted but file could not be removed";
        }
    }
}

$query = "SELECT id,photo FROM test";
try {
    // Run query to show the current data in database
    $stmt = $db->prepare($query);
    $stmt->execute();
} catch (PDOException $ex) {
    die("Failed to run query: Please report issue to admin");
}
$rows = $stmt->fetchAll();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Delete Image</title>
<style type="text/css">
.table { text-align: center; }
.table { font-weight: bold; }
</style>
</head>
<body>
<form action="delete.php" method="post" enctype="multipart/form-data" class="table">
Please enter the Filename and ID of the image you wish to delete
<table width="178" align="center">
  <tr class="table">
    <td width="144" class="table">Filename</td>
    <td width="30" class="table">ID</td>
  </tr>
  <tr>
    <td><input name="filename" type="text" value="<?php echo h($filename); ?>" /></td>
    <td><input name="id" type="text" id="id" value="<?php echo h($id); ?>" size="3" maxlength="4" /></td>
  </tr>
</table>
<p><?php echo h($status); ?><br />
<input type="submit" value="Delete Selected Image" name="delete" /></p>
<p>IMAGE DETAILS</p>
<table width="400" align="center" class="table">
  <tr>
    <th width="61">ID</th>
    <th width="185">Filename</th>
    <th width="138">Image</th>
  </tr>
</table>
<table width="400" align="center" class="table">
<?php foreach ($rows as $row): ?>
  <tr>
    <td width="61"><?php echo h($row['id']); ?></td>
    <td width="185"><?php echo h($row['photo']); ?></td>
    <td width="138" height="138"><img src="images/<?php echo h($row['photo']); ?>" width="138" height="138" /></td>
  </tr>
<?php endforeach; ?>
</table>
<p><br /><br /></p>
</form>
</body>
</html>
```

There are various options, and if you're really concerned about security, you shouldn't let end users specify a filename at all. Instead, you may want to hand out randomly generated md5 strings or something alike. You can store a mapping between such md5 string and a filename in the database, which you seem to be using.

If you really have to have users specify the actual filenames, you could make sure that they only contain characters you consider safe. The fewer characters you allow, the better. For example, if you can restrict filenames to a-z, A-Z, 0-9, _ and - plus a file extension, you could validate as follows:

if (! preg_match("/^[a-zA-Z0-9_\-]+\.[a-zA-Z0-9]+$/", $filename)) { throw new Exception("invalid filename pattern"); }

This way users cannot specify a filename that crosses directory bounds.

To restrict filenames to certain extensions, you could use something like this:

if (! preg_match("/\.(jpe?g|png|gif)$/i", $filename)) { throw new Exception("invalid file extension"); }

You can additionally check the directory name of the assembled filename and raise an error if the directory name is not what you expect:

if (dirname("images/" . $filename) !== "images") { throw new Exception("cannot leave directory"); }

When concerned about security and deleting the wrong files, you should also be worried about SQL injection. Your script is vulnerable, because you're inserting a user-specified value into an SQL query unchecked:

$query = "DELETE FROM `test` WHERE `id` = $id" ;

What will happen if the user posts an id value of 1 OR true ? Right, all your images will be deleted from the database!
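As an added example (not code from the question or the answer), the three filename checks above combined into one allow-list function with a realpath containment check, and the delete done through a prepared statement that also matches the filename against the `photo` column so an id cannot delete a different image's record. The `images/` directory and `test` table follow the question; the sample filenames are constructed.

```php
<?php
// Added example, not from the question or the answer. Assumes an "images/" directory
// and a `test` table with (id, photo) columns as in the question.

function safeImagePath(string $dir, string $filename): ?string
{
    // 1. Only [a-zA-Z0-9_-] plus one extension: no "/", "\", "..", NUL bytes or spaces
    if (!preg_match('/^[a-zA-Z0-9_\-]+\.[a-zA-Z0-9]+$/', $filename)) {
        return null;
    }
    // 2. Extension allow-list (case-insensitive)
    if (!preg_match('/\.(jpe?g|png|gif)$/i', $filename)) {
        return null;
    }
    // 3. The assembled path must still resolve inside $dir (also catches symlinks)
    $base = realpath($dir);
    $path = realpath($dir . '/' . $filename);
    if ($base === false || $path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null; // file missing, or it resolved outside the images directory
    }
    return $path;
}

function deleteImage(PDO $db, string $dir, string $id, string $filename): string
{
    // Accept only a plain positive integer id: "1 OR true" and "1.0" are both rejected
    if (!ctype_digit($id)) {
        return 'Please check ID';
    }
    $path = safeImagePath($dir, $filename);
    if ($path === null) {
        return 'Please check FILENAME';
    }
    // Values are bound as parameters, never interpolated into the SQL text
    $stmt = $db->prepare('DELETE FROM `test` WHERE `id` = :id AND `photo` = :photo');
    $stmt->execute([':id' => (int) $id, ':photo' => $filename]);
    if ($stmt->rowCount() !== 1) {
        return 'No matching record'; // id/filename pair not in the database: file left alone
    }
    return unlink($path) ? 'File Deleted' : 'Record deleted but file could not be removed';
}

// Constructed inputs: only the first can pass (and only if images/photo_1.jpg exists)
foreach (['photo_1.jpg', '../common.php', 'photo.jpg/../../x', 'shell.php', "a.jpg\0.php"] as $name) {
    printf("%-20s => %s\n", addcslashes($name, "\0"), safeImagePath('images', $name) ?? 'rejected');
}
```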

Page link: https://www.codesec.net/view/610796.html