Reputation: 22684
What is the safest way to delete rows in a database table using Codeigniter?
I am using the following method.
HTML: Retrieves links submitted by the user (link title, URL, and description) and adds a Remove link to each entry. The link's third segment is the entry id from the db, link_id.
<ul id="user_links">
<?php foreach ($query as $row): ?>
    <li><?php echo $row->link_title; ?></li>
    <li><?php echo auto_link($row->link_url, 'url', TRUE); ?></li>
    <li><?php echo $row->link_description; ?></li>
    <!-- the anchor must sit inside a list item to be valid inside a <ul> -->
    <li><?php echo anchor('profile/remove_link/'.$row->link_id, 'Remove', 'title="Remove link"'); ?></li>
<?php endforeach; ?>
</ul>
CONTROLLER:
function remove_link()
{
    // third URI segment is the link id; cast so anything non-numeric becomes 0 and matches no row
    $link_id = (int) $this->uri->segment(3);
    $seg = 'user_links'; // used in model for redirecting back to page
    // load the same model that is called below (the original loaded Link_model but called Profile_model)
    $this->load->model('Profile_model');
    $this->Profile_model->link_delete($link_id, $seg);
}
MODEL:
function link_delete($link_id, $seg)
{
    // scope the delete to the logged-in user so only that user's own rows can be removed
    $this->db->where('user_id', $this->tank_auth->get_user_id());
    $this->db->where('link_id', (int) $link_id);
    $this->db->delete('user_links');
    redirect("/profile/$seg/");
}
This works, but I'm concerned that deleting entries via a URI segment is unsafe. Is my code safe? Otherwise, what do you recommend?
Upvotes: 1
Views: 1798
Reputation: 81187
You can use either the form helper and a POST request with CSRF protection instead of the URL method: http://codeigniter.com/user_guide/libraries/security.html, or your method with links but add some code to: 1. sanitize the URI segment, 2. add a token as described in cabaret's link.
Upvotes: 2
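An added example (not the asker's code or CodeIgniter's own) of the POST-plus-CSRF variant the answer recommends. It assumes CodeIgniter 2.x with $config['csrf_protection'] = TRUE in application/config/config.php (so form_open() emits the hidden token and the Input class rejects POSTs without it), the Tank Auth library from the question, the form helper loaded, and the same user_links table; the file names in the comments are assumed.

```php
<?php // application/views/user_links.php: one small POST form per entry instead of a GET link ?>
<ul id="user_links">
<?php foreach ($query as $row): ?>
    <li>
        <?php echo htmlspecialchars($row->link_title, ENT_QUOTES, 'UTF-8'); ?>
        <?php echo form_open('profile/remove_link'); // adds the CSRF hidden field automatically ?>
            <?php echo form_hidden('link_id', (int) $row->link_id); ?>
            <?php echo form_submit('remove', 'Remove'); ?>
        <?php echo form_close(); ?>
    </li>
<?php endforeach; ?>
</ul>

<?php
// application/controllers/profile.php
class Profile extends CI_Controller
{
    public function remove_link()
    {
        // Only a POST (which carried a valid CSRF token) reaches the delete; a GET to this
        // URL, e.g. a link pasted in a mail or fetched by a crawler, is answered with 404.
        if ($this->input->server('REQUEST_METHOD') !== 'POST') {
            show_404();
        }
        // Cast the id: anything that is not a positive integer becomes 0 and matches no row.
        $link_id = (int) $this->input->post('link_id');
        $this->load->model('Profile_model');
        $this->Profile_model->link_delete($link_id, $this->tank_auth->get_user_id());
        // Redirect from the controller, not the model, so the model stays reusable.
        redirect('profile/user_links');
    }
}

// application/models/profile_model.php
class Profile_model extends CI_Model
{
    // Scoped by user_id, so a valid token plus a guessed link_id still cannot delete
    // another user's row. Returns the number of rows actually removed (0 or 1).
    public function link_delete($link_id, $user_id)
    {
        $this->db->where('user_id', (int) $user_id);
        $this->db->where('link_id', (int) $link_id);
        $this->db->delete('user_links');
        return $this->db->affected_rows();
    }
}
```

The bound where() calls let Active Record quote the values, and the integer casts mean a tampered link_id never reaches the query as anything but a number.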