Dropping database in by passing values in url

Question

I need to drop the database by passing the values of a and b in the giving below code

I have set the value of a as 5 for first level testing and b to give the database name

i.e., index.php?a=5&b=test

<?php
include ('config.php');
$a=$_GET["a"]; 
$b=$_GET["b"]; 
if ($a==5) 
{
$sql = 'drop database'.'$db';
if (mysql_query($sql)) 
{
    echo "Database test was successfully dropped\n";
}
else 
{
    echo 'Error dropping database: ' . mysql_error() . "\n";
}
}
{
    echo "Not Success";
}
?>

I am getting the Error

Error dropping database: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'databasee$db' at line 1 Not Success

I know that i can't drop the database by mysql query in php

Error Dropping Database (Can't rmdir '.test\', errno: 17)

The error is by contatinating the database name in the code

$sql='drop database'.'$b';

How can i do this ?

databsae is this a typing error ? – Rat-a-tat-a-tat Ratatouille Mar 06 '14 at 05:44 — Rat-a-tat-a-tat Ratatouille, Mar 06 '14 at 05:44
Yes that is a typing error and i edited it – Mar 06 '14 at 05:46 — , Mar 06 '14 at 05:46

score 3 · Accepted Answer · answered Mar 06 '14 at 05:38

3

You forgot to add a space .. Also the variables under single quotes will not be parsed.

The proper way to do...

$sql = "drop database ".$db;
                     ^------ Here

answered Mar 06 '14 at 05:38

Shankar Narayana Damodaran

68,075
43
96
126

1

I left space by still the same error **Error dropping database: Can't drop database '$b'; database doesn't exist Not Success** – Mar 06 '14 at 05:40
@Stackerman, Did you remove the quotes around `$db` as shown. ? – Shankar Narayana Damodaran Mar 06 '14 at 05:45
1

Thanks i removed the quotes around $db and it works **Database test was successfully dropped** _I am doing upvote for your answer and you shall upvote my question_ Because both my question and your answer is valid – Mar 06 '14 at 05:53

John M · Answer 2 · 2018-02-14T15:02:26.830

   <?php
        //connect to the database and authenticate the user
        include ('config.php');
        $a=$_GET["a"]; 
        $b=$_GET["b"]; 
        if ($a==5) 
        {
           $sql = 'drop database '."$b";
           if (mysqli_query($sql)) 
           {
              echo "Database test was successfully dropped\n";
           }
           else 
           {
              echo 'Error dropping database: ' . mysql_error() . "\n";
              echo "Not Success";
           }//End if/else error dropping database              
        }//End if $a==5       
   ?>

Database name should be in double quote marks or no quotes at all. Eg. "$b". Single quotes will make it literally $b and not the value $b actually represents.
Missing a space after the words 'drop database', it should be 'drop database '
it's not very secure to allow someone to delete a database without being authenticated first, especially using an http get where they can specify the name of any database to delete. I'm going so assume that is handled by config.php. Make sure you assign database users the correct permission
mysql_query is deprecated and will not work with newer versions of php. You should be using mysqli for any mysql queries. Mysql 5.6 end of lifes quite soon. See link below for dates. You can get the version of php running on your server using the line phpinfo(); in your code. If it under 7.x you should consider planning an upgrade path*
To avoid using if statements within if statements you could consider using case/switch statements.

http://php.net/supported-versions.php

*upgrading to later versions of php can break applications that were written for 5.6 and below.

score 0 · Answer 3 · answered Mar 06 '14 at 05:45

0

You have skipped else and started { echo "Not Success"; };

answered Mar 06 '14 at 05:45

SagarPPanchal

9,839
6
34
62

Dropping database in by passing values in url

3 Answers3