Okay so I found a tutorial this morning and worked on it a little. Basically, following the tutorial, I placed an html link beside each row in the while loop that looks like this:
Then inside delete_ban.php I grab the information from the url by doing this:
Everything works based on that. However there are a few things I am questioning:
1. Is it safe to pass information like that to a url without sanitizing it a bit?
Would using $name = htmlspecialchars($name) be a good idea to do, or would that at times make that variable mismatch with what is inside the sql table? Thus resulting in the row not being successfully deleted.
2. How would I stop regular users from basically guessing the link and having a field day banning information from that sql? With that, I assume they could just delete a row on the table by following the link http://www.mywebsite.com/delete_ban.php?name=name_1&ip=11.222.333.44&ban=cheating&banadded (if that row actually existed inside the sql table).
I tried adding a little security by having the banadded var (which inside the sql table is recorded as a unix time stamp) having a bit of calculations added to it, which the user obviously wouldn't know the formula I used. And then taken away on the delete_ban page so that it's correctly able to find it in the database. If that makes sense? But I'm not sure if that's a lame form of security or not, I would assume there's better measures I can take?
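
A hardened form of the delete_ban.php flow described above, as an added example that is not part of the original post. It covers both questions: the row is matched through a prepared statement, and the delete is gated by an authenticated session, POST and a CSRF token. The table name `bans`, the session keys `is_admin` and `csrf_token`, and the database credentials are assumptions; the column names are taken from the URL in the post.

```php
<?php
// Added example. Assumed names: table `bans`, session keys `is_admin` and
// `csrf_token`, DSN and credentials. Columns come from the URL in the post.
declare(strict_types=1);
session_start();

// 1. Authorization: only a logged-in admin may delete. Guessing the URL
//    achieves nothing without a session that carries this flag.
if (empty($_SESSION['is_admin'])) {
    http_response_code(403);
    exit('Forbidden');
}

// 2. State changes go through a POST form, not a GET link.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    header('Allow: POST');
    exit('Method not allowed');
}

// 3. CSRF token: stored in the session when the ban list is rendered and
//    sent back as a hidden field in each row's delete form.
$sent  = $_POST['csrf_token'] ?? '';
$known = $_SESSION['csrf_token'] ?? '';
if (!is_string($sent) || !is_string($known) || $known === '' || !hash_equals($known, $sent)) {
    http_response_code(400);
    exit('Bad CSRF token');
}

// 4. Collect the row identifiers; reject missing or non-string values.
$params = [];
foreach (['name', 'ip', 'ban', 'banadded'] as $key) {
    $value = $_POST[$key] ?? null;
    if (!is_string($value) || $value === '') {
        http_response_code(400);
        exit('Missing field: ' . $key);
    }
    $params[':' . $key] = $value;
}

// 5. Prepared statement: values are bound as data, so they are compared
//    exactly as stored. htmlspecialchars() belongs on HTML output, not here.
$pdo = new PDO('mysql:host=localhost;dbname=example;charset=utf8mb4', 'db_user', 'db_pass', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
$stmt = $pdo->prepare('DELETE FROM bans WHERE name = :name AND ip = :ip AND ban = :ban AND banadded = :banadded');
$stmt->execute($params);
echo $stmt->rowCount() > 0 ? 'Ban deleted' : 'No matching ban';
```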