TYPO3, a web content management framework, performs insufficient input sanitising, making it vulnerable to SQL injection by logged-in backend users. The risk is LOW.
PG_DELETE(3)                                                        PG_DELETE(3)

pg_delete - Deletes records

SYNOPSIS
mixed pg_delete (resource $connection, string $table_name, array $assoc_array, [int $options = PGSQL_DML_EXEC])
DESCRIPTION
pg_delete(3) deletes records from a table specified by the keys and values in $assoc_array. If $options is specified, pg_convert(3) is
applied to $assoc_array with the specified options.
PARAMETERS
o $connection
- PostgreSQL database connection resource.
o $table_name
- Name of the table from which to delete rows.
o $assoc_array
- An array whose keys are field names in the table $table_name, and whose values are the values of those fields that are to be
deleted.
o $options
- Any number of PGSQL_CONV_FORCE_NULL, PGSQL_DML_NO_CONV, PGSQL_DML_ESCAPE, PGSQL_DML_EXEC, PGSQL_DML_ASYNC or PGSQL_DML_STRING
combined. If PGSQL_DML_STRING is part of $options, the query string is returned. When PGSQL_DML_NO_CONV or PGSQL_DML_ESCAPE is
set, pg_convert(3) is not called internally.
RETURN VALUES
Returns TRUE on success or FALSE on failure. Returns string if PGSQL_DML_STRING is passed via $options.
EXAMPLES
Example #1
pg_delete(3) example
<?php
$db = pg_connect('dbname=foo');
// This is safe, since $_POST is converted automatically
$res = pg_delete($db, 'post_log', $_POST);
if ($res) {
    echo "POST data is deleted: $res\n";
} else {
    echo "User must have sent wrong inputs\n";
}
?>
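
The example above hands the whole of $_POST to pg_delete(3), so the client decides which columns are matched. The following is an added example, not part of the PHP manual: it reduces the input to an allowlist of columns and checks value types before the call. The post_log column names, the POST_LOG_DELETE_KEYS constant and the build_delete_conditions() helper are assumptions.

```php
<?php
declare(strict_types=1);

// Columns a client may use as delete criteria, with their expected type.
// Assumed schema for the page's 'post_log' table; the names are hypothetical.
const POST_LOG_DELETE_KEYS = ['id' => 'int', 'author' => 'string'];

/**
 * Reduce untrusted input to an allowlisted, type-checked condition array.
 * Throws when a value is malformed or nothing usable remains, so a junk
 * or empty request never reaches pg_delete().
 */
function build_delete_conditions(array $input, array $allowed): array
{
    $conditions = [];
    foreach ($allowed as $column => $type) {
        if (!array_key_exists($column, $input)) {
            continue;
        }
        $value = $input[$column];
        if (!is_scalar($value)) { // nested arrays such as id[]=1
            throw new InvalidArgumentException("Bad value for $column");
        }
        if ($type === 'int') {
            $value = filter_var($value, FILTER_VALIDATE_INT);
            if ($value === false) {
                throw new InvalidArgumentException("Bad value for $column");
            }
        } else {
            $value = (string) $value;
        }
        $conditions[$column] = $value;
    }
    if ($conditions === []) {
        throw new InvalidArgumentException('No valid delete criteria');
    }
    return $conditions;
}

// Constructed sample request: one expected key and one the form never sends.
$post = ['id' => '42', 'is_admin' => 't'];
$conditions = build_delete_conditions($post, POST_LOG_DELETE_KEYS);
var_dump($conditions);

// With a live connection, PGSQL_DML_STRING returns the generated SQL
// instead of executing it, which allows the statement to be reviewed.
if (function_exists('pg_connect') && ($db = @pg_connect('dbname=foo'))) {
    echo pg_delete($db, 'post_log', $conditions, PGSQL_DML_STRING), "\n";
}
```
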
CHANGELOG
+---------------+---------------------------------------------------+
| Version       | Description                                       |
+---------------+---------------------------------------------------+
| 5.6.0         | No longer experimental. Added PGSQL_DML_ESCAPE    |
|               | constant, TRUE/FALSE and NULL data type support.  |
| 5.5.3/5.4.19  | Direct SQL injection to $table_name and Indirect  |
|               | SQL injection to identifiers are fixed.           |
+---------------+---------------------------------------------------+
SEE ALSO
pg_convert(3).
PHP Documentation Group PG_DELETE(3)