How can PHP developers ensure secure data handling when passing IDs for deletion from a database and file system?

PHP developers can ensure secure data handling when passing IDs for deletion by validating the input to ensure it is an integer and sanitizing the input to prevent SQL injection attacks. Additionally, developers should check if the user has the necessary permissions to delete the data before executing the deletion operation.

// Validate and sanitize input
$id = filter_input(INPUT_POST, &#039;id&#039;, FILTER_VALIDATE_INT);
if (!$id) {
    // Handle invalid input error
}

// Check user permissions
if (!hasDeletePermission($id)) {
    // Handle permission denied error
}

// Delete data from database
$deleteQuery = &quot;DELETE FROM table WHERE id = ?&quot;;
$stmt = $pdo-&gt;prepare($deleteQuery);
$stmt-&gt;execute([$id]);

// Delete file from file system
$file = &quot;/path/to/files/&quot; . $id . &quot;.txt&quot;;
if (file_exists($file)) {
    unlink($file);
}

Keywords

SQL injection prepared statements file deletion data sanitization error handling

How can PHP developers ensure secure data handling when passing IDs for deletion from a database and file system?

Keywords

Related Questions