In the provided PHP code, how is the DELETE query constructed and what potential issues could arise?
The DELETE query in the provided PHP code is constructed by directly concatenating user input into the query string, making it vulnerable to SQL injection attacks. To prevent this issue, you should use prepared statements with parameterized queries to safely execute the DELETE operation.
// Fix for constructing the DELETE query using prepared statements
// Assuming $conn is the database connection
// Get the user input for deletion
$id = $_GET['id'];
// Prepare the DELETE statement
$stmt = $conn->prepare("DELETE FROM table_name WHERE id = ?");
$stmt->bind_param("i", $id);
// Execute the DELETE statement
$stmt->execute();
// Close the statement and connection
$stmt->close();
$conn->close();
Related Questions
- What are the potential drawbacks of using JavaScript for redirection instead of PHP in certain scenarios?
- What steps can be taken to troubleshoot and debug PHP scripts that are not producing the expected output?
- What potential pitfalls should be considered when transferring a selected value from one select field to another in PHP?