08-08-2012, 03:00 PM
OK, so how's this? I also added ctype_digit() and it worked; if I change the id to something other than a number, it will give you an error.
<?php
// Start session
session_start();
include "settings.php";
// Get the account ID of the logged-in user from the session
$accid = $_SESSION['SESS_ACCOUNT_ID'];

if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
// Not logged in: fall through to the "log in first" message at the bottom
} else {
$connect = mysql_connect($server_ip, $user, $password) or die(mysql_error());
mysql_select_db($database) or die(mysql_error());
// get value of id that sent from address bar
$id = mysql_real_escape_string( $_GET['id'] );
if( ctype_digit( $id ))
{
// Delete data in mysql from row that has this id
$sql="DELETE FROM t_characters WHERE a_index='$id' AND a_user_index = '$accid'";
$result=mysql_query($sql);
// if successfully deleted
if($result){
echo "Delete Successful you will be redirected in 2 seconds.";
}
else {
echo "ERROR";
}
?>
<meta HTTP-EQUIV="REFRESH" content="1; url=../index.php?page=20">
<?php
}
else
{
echo "<font size= '2' color='#FF0000'>That is not a number!</font>";
}
?>
<?php
// close the connection opened above, then stop the script
mysql_close($connect);
die();
}
?>
<font size= '2' color='#FF0000'>You need to log in first!</font>
<meta HTTP-EQUIV="REFRESH" content="1; url=../index.php">
With this instead I wasn't able to delete someone else's character.
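
The same delete as an added example (not part of the original post or the poster's code): it keeps the ctype_digit() check and the a_user_index ownership condition from the post, but binds both values with PDO and checks the affected-row count, so an attempt on someone else's character is reported as a failure. The function name, the result strings and the in-memory SQLite table are assumptions made so it runs stand-alone; the mysql_* functions used in the post were removed in PHP 7.

```php
<?php
// Added example. deleteCharacter() and its result strings are hypothetical;
// the table and column names (t_characters, a_index, a_user_index) are the
// ones used in the post.

function deleteCharacter(PDO $db, $rawId, $accountId): string
{
    // Validate before touching the database: ctype_digit() accepts only
    // non-empty strings of 0-9, so null, arrays, "-1" and "1 OR 1=1" fail.
    if (!is_string($rawId) || !ctype_digit($rawId)) {
        return 'invalid-id';
    }

    // Bound parameters keep the values out of the SQL text. The
    // a_user_index condition is the ownership check: the owner comes from
    // the session, never from the request.
    $stmt = $db->prepare(
        'DELETE FROM t_characters WHERE a_index = :id AND a_user_index = :owner'
    );
    $stmt->execute([':id' => (int) $rawId, ':owner' => (int) $accountId]);

    // A DELETE that matches no row still executes without error, so the
    // affected-row count is what tells "deleted" from "not yours".
    return $stmt->rowCount() === 1 ? 'deleted' : 'not-found-or-not-yours';
}

// Constructed sample data: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE t_characters (a_index INTEGER PRIMARY KEY, a_user_index INTEGER)');
$db->exec('INSERT INTO t_characters VALUES (1, 10), (2, 20)');

// Stands in for $_SESSION['SESS_ACCOUNT_ID'] of the logged-in user.
$sessionAccountId = 10;

// Constructed id values as they would arrive in $_GET['id']:
// another account's character, an injection string, own character, a repeat.
foreach (['2', '1 OR 1=1', '1', '1'] as $id) {
    printf("%-10s => %s\n", $id, deleteCharacter($db, $id, $sessionAccountId));
}

$left = $db->query('SELECT COUNT(*) FROM t_characters')->fetchColumn();
echo "rows left: $left\n";
```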

