Posts: 203 | Thanked: 538 times | Joined on Oct 2009 @ Colombia
#58
This could be vulnerable to SQL injection (it depends on server settings):

Code:
if(isset($_GET['delete_id']))
  {
    DBConnect();
    $query = "DELETE FROM users WHERE id='" . $_GET['delete_id'] .
    "' AND username='" . $_GET['username'] .
    "' AND password='" . $_GET['password'] .
    "' AND email='" . $_GET['email'] .
    "'";
    DBQuery($query);
    $alertMsg .= "Account deleted.";
    DBDisconnect();
  }
 

The Following User Says Thank You to munozferna For This Useful Post:
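
A parameterized form of the DELETE quoted in the post above, as an added example that is not part of the original post or the application's own code. It uses PDO prepared statements so that handling of quote characters does not depend on server settings; the function name deleteAccount(), the table layout and all sample values are assumptions constructed for illustration, with an in-memory SQLite database standing in for the real one.

```php
<?php
// Added example, not the application's code. deleteAccount(), the table
// layout and every sample value below are constructed for illustration.

function deleteAccount(PDO $db, array $in): int
{
    // Reject the request unless every expected field is present as a string.
    foreach (['delete_id', 'username', 'password', 'email'] as $key) {
        if (!isset($in[$key]) || !is_string($in[$key])) {
            return 0;
        }
    }
    // Assumption: id is an integer column, so validate it before use.
    $id = filter_var($in['delete_id'], FILTER_VALIDATE_INT);
    if ($id === false) {
        return 0;
    }
    // Placeholders keep the statement text fixed; values are bound as data.
    $stmt = $db->prepare(
        'DELETE FROM users
          WHERE id = :id AND username = :username
            AND password = :password AND email = :email'
    );
    $stmt->execute([
        ':id'       => $id,
        ':username' => $in['username'],
        ':password' => $in['password'],
        ':email'    => $in['email'],
    ]);
    return $stmt->rowCount(); // rows actually deleted
}

// Constructed in-memory database (requires the pdo_sqlite extension).
// Columns mirror the ones named in the posted query.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, email TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'alice', 'pw-a', 'alice@example.test'),
                                    (2, 'bob',   'pw-b', 'bob@example.test')");

// A value containing a quote is compared literally and cannot end the string early.
$quoted = ['delete_id' => '1', 'username' => "al'ice", 'password' => 'x', 'email' => 'x'];
$valid  = ['delete_id' => '2', 'username' => 'bob', 'password' => 'pw-b', 'email' => 'bob@example.test'];

echo 'quoted input deleted: ', deleteAccount($db, $quoted), "\n";
echo 'valid input deleted:  ', deleteAccount($db, $valid), "\n";
echo 'rows remaining:       ', $db->query('SELECT COUNT(*) FROM users')->fetchColumn(), "\n";
```

Returning the row count lets the caller report "Account deleted." only when a row was actually removed.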