Okay...I have looked through a bunch of documents at http://www.mysql.com and I didn't think that the following syntax within the sub delete_records routine in the admin.cgi script would work, but it does!
Code:
if ($db->{'db_table'} eq 'Users') {
    $db->do ("UPDATE Banners SET UserID = '103' WHERE UserID = $id");
    $db->do ("DELETE FROM Bookmarks WHERE UserID = $id");
    $db->do ("DELETE FROM Editor_Reviews WHERE UserID = $id");
    $db->do ("UPDATE Links SET UserID = '103' WHERE UserID = $id");
    $db->do ("DELETE FROM User_Reviews WHERE UserID = $id");
    # undef $Links::DBSQL::DBH;
    $db->do ("DELETE FROM anthrotech4.Applied WHERE (EmployerID = $id) OR (UserID = $id)");
    $db->do ("DELETE FROM anthrotech4.Company WHERE UserID = $id");
    $db->do ("DELETE FROM anthrotech4.CoverLetters WHERE CoverLetterID = $id");
    $db->do ("DELETE FROM anthrotech4.Jobs WHERE UserID = $id");
    $db->do ("DELETE FROM anthrotech4.Resume WHERE ResumeID = $id");
}
I guess my confusion is using db.table type of syntax.
My questions are:
1) Are there any security loopholes in the above code?
2) Are there any CPU/Memory issues that I should be aware of, in terms of improving data processing?
Anyway...I am glad that this works, since it maintains referential integrity of tables....but I am confused about why adding the db. (db = database; in my case, anthrotech4.) works....
Regards,
Eliot Lee
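The statements in the post build their SQL by interpolating $id into the query text, so their safety depends entirely on $id always being a number. An added example (not part of the original post or of admin.cgi) of the same cleanup with a validated ID, bound placeholders and a transaction; it assumes $dbh is a connected plain DBI handle and transactional tables, and the sub names are hypothetical:

```perl
use strict;
use warnings;

my $REASSIGN_TO = 103;   # owner that inherits banners and links, as in the post

# True only for a plain positive integer; anything else never reaches the SQL layer.
sub valid_user_id { my ($id) = @_; return defined $id && $id =~ /\A[1-9][0-9]{0,9}\z/ ? 1 : 0 }

# Each entry: SQL text with ? placeholders, then the values bound to them in order.
sub user_cleanup_statements {
    my ($id) = @_;
    return (
        [ 'UPDATE Banners SET UserID = ? WHERE UserID = ?', $REASSIGN_TO, $id ],
        [ 'DELETE FROM Bookmarks WHERE UserID = ?', $id ],
        [ 'DELETE FROM Editor_Reviews WHERE UserID = ?', $id ],
        [ 'UPDATE Links SET UserID = ? WHERE UserID = ?', $REASSIGN_TO, $id ],
        [ 'DELETE FROM User_Reviews WHERE UserID = ?', $id ],
        [ 'DELETE FROM anthrotech4.Applied WHERE (EmployerID = ?) OR (UserID = ?)', $id, $id ],
        [ 'DELETE FROM anthrotech4.Company WHERE UserID = ?', $id ],
        [ 'DELETE FROM anthrotech4.CoverLetters WHERE CoverLetterID = ?', $id ],
        [ 'DELETE FROM anthrotech4.Jobs WHERE UserID = ?', $id ],
        [ 'DELETE FROM anthrotech4.Resume WHERE ResumeID = ?', $id ],
    );
}

# $dbh: a connected DBI handle (assumption; the post's $db object is not shown).
# Rollback only has an effect on transactional tables such as InnoDB.
sub delete_user_records {
    my ($dbh, $id) = @_;
    die "invalid user id\n" unless valid_user_id($id);
    local $dbh->{RaiseError} = 1;    # make every failed statement die
    $dbh->begin_work;                # all statements apply, or none
    my $ok = eval {
        for my $stmt (user_cleanup_statements($id)) {
            my ($sql, @bind) = @$stmt;
            $dbh->do($sql, undef, @bind);   # values are sent apart from the SQL text
        }
        $dbh->commit;
        1;
    };
    return 1 if $ok;
    my $err = $@ || 'unknown error';
    eval { $dbh->rollback };
    die "user cleanup rolled back: $err";
}

# Constructed inputs; only '42' is accepted.
print "'$_' ", (valid_user_id($_) ? 'accepted' : 'rejected'), "\n" for '42', '42 OR 1=1', '-1', '';
```

Run as a script, it only prints the validation results; delete_user_records needs a live handle passed in by the caller.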