I have a table message in MySQL:

id(bigint)  sender(int)  receiver(int)  message(varchar)
1           42           420            Hi
2           80           32             Hello
3           61           32             I love you

My delete.php code:
if(isset($_POST['id']))mysql_query("Delete from message where id=".$_POST['id']."");
The page from which the user deletes the message using an AJAX request:
<div>sender:Romeo
receiver:Juliet
message:I love you</div>
<span id="3">delete</span>//delete message with id 3
<script>
$("span").click(function(){
    // post the id stored on the clicked span (object literal needs a colon, and $(this) is the clicked element)
    $.post("delete.php", {"id": $(this).attr("id")});
});
</script>
Now, as far as I know, anyone can find out which page I am making this request to and easily build a fake form with method POST and action delete.php, and delete a message.
Can anyone tell me how to prevent this?
You need to validate/authenticate the incoming data (i.e. is the current user authorised to delete the specified message?). You also need to prevent SQL injection by using prepared statements, rather than directly inserting user data into the query.
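As an added example (not the answerer's code), here is one way to implement both points in delete.php with mysqli; it assumes the logged-in user's id is stored in $_SESSION['user_id'] and that the page also sends a per-session CSRF token (assumed field name "token", held in $_SESSION['csrf_token']) alongside the id in the AJAX request.

```php
<?php
// Added example: hardened delete.php for the message table from the question.
// Assumptions: $_SESSION['user_id'] holds the logged-in user's id and
// $_SESSION['csrf_token'] holds a per-session token that the page embeds in the
// AJAX request as the "token" field. Database credentials are placeholders.
session_start();

if (!isset($_SESSION['user_id'])) {
    http_response_code(401); // not logged in
    exit;
}

// Only accept POST requests carrying the session's CSRF token, so a forged
// cross-site form cannot trigger the delete even for a logged-in victim.
if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || !isset($_POST['token'], $_SESSION['csrf_token'])
    || !hash_equals($_SESSION['csrf_token'], (string) $_POST['token'])) {
    http_response_code(403);
    exit;
}

// Validate the id as an integer before it goes anywhere near the query.
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
if ($id === false || $id === null) {
    http_response_code(400);
    exit;
}

$db = new mysqli('localhost', 'dbuser', 'dbpass', 'dbname'); // placeholder credentials
$db->set_charset('utf8mb4');

// Prepared statement: id and user id are bound as parameters, never concatenated.
// The WHERE clause also enforces ownership: a user may only delete messages they
// sent or received, so a valid id belonging to someone else deletes nothing.
$stmt = $db->prepare(
    'DELETE FROM message WHERE id = ? AND (sender = ? OR receiver = ?)'
);
$uid = (int) $_SESSION['user_id'];
$stmt->bind_param('iii', $id, $uid, $uid);
$stmt->execute();

if ($stmt->affected_rows === 0) {
    http_response_code(404); // no such message, or not owned by this user
}
$stmt->close();
```

The client-side $.post call then needs to include the token field (for example `{"id": $(this).attr("id"), "token": csrfToken}` with csrfToken rendered into the page by the server) or the request is rejected.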