CodeSOD: Repeat Delete
by Ellis Morning from The Daily WTF on (#20YK9)
Once upon a time, a client contacted Trick R. and asked him to figure out why files were disappearing from their website.
The seemingly innocent task proved to be a swan-dive into a sewer of bad PHP, unsanitized user input, and plain-text passwords stored in the database, among other vulnerabilities. However, the following conditional took the cake for awfulness. What better way to ensure a record is really gone than by running the DELETE query a bunch of times?
// Handler for the "delete_single" task: removes one department row and the
// rows that reference it in department_login, files and pdf.
//
// NOTE(review): $_REQUEST merges GET and POST data (and cookies, depending on
// request_order / variables_order), so this destructive action is not tied to
// a POST. No authentication, authorization or CSRF-token check is visible in
// this fragment -- confirm that one exists before this code is reached.
//
// The digits-only preg_match() is the only thing keeping the concatenated SQL
// below from carrying arbitrary input. Two caveats: without the D modifier,
// `$` also matches before a final newline, so "123\n" passes; and the captured
// $reg is never used -- every query re-reads $_REQUEST['id'] directly.
if( $_REQUEST['task'] == "delete_single" && preg_match("/^([0-9]+)$/", $_REQUEST['id'], $reg) ) {
    // The same DELETE is issued five times. The return value of mysql_query()
    // is never inspected, so a failure is silent no matter how often it repeats.
    $qry = " delete from department where id=".$_REQUEST['id'];
    mysql_query( $qry );
    $qry = " delete from department where id=".$_REQUEST['id'];
    mysql_query( $qry );
    $qry = " delete from department where id=".$_REQUEST['id'];
    mysql_query( $qry );
    $qry = " delete from department where id=".$_REQUEST['id'];
    mysql_query( $qry );
    $qry = " delete from department where id=".$_REQUEST['id'];
    mysql_query($qry);

    // If any DELETE above succeeded, this SELECT returns no rows and the loop
    // body never runs; if it does run, it deletes the same id two more times.
    $qry1="select * from department where id ='".$_REQUEST['id']."'";
    $query=mysql_query($qry1);
    while($data=mysql_fetch_array($query)){
        $qry = "delete from department where id=".$data['id'];
        mysql_query( $qry );
        $qry = " delete from department where id=".$data['id'];
        mysql_query( $qry );
    }
    $qry = " delete from department where id='".$_REQUEST['id']."'";
    mysql_query( $qry );

    // NOTE(review): the SELECT matches rows whose pid is the requested id, but
    // the DELETEs inside the loop filter on pid = $data['id'], i.e. the fetched
    // row's own id column (assuming the table has one -- confirm against the
    // schema). That removes rows belonging to a *different* parent whose id
    // happens to equal this row's id. The same pattern repeats for files and
    // pdf below and would account for unrelated records disappearing.
    $qry2="select * from department_login where pid ='".$_REQUEST['id']."'";
    $query=mysql_query($qry2);
    while($data=mysql_fetch_array($query)){
        $qry = "delete from department_login where pid=".$data['id'];
        mysql_query( $qry );
        $qry = " delete from department_login where pid=".$data['id'];
        mysql_query( $qry );
    }
    // This statement alone is the intended cleanup for the table.
    $qry = " delete from department_login where pid='".$_REQUEST['id']."'";
    mysql_query( $qry );

    // Same select-then-delete-by-row-id pattern, applied to files.
    $qry3="select * from files where pid ='".$_REQUEST['id']."'";
    $query=mysql_query($qry3);
    while($data=mysql_fetch_array($query)){
        $qry = "delete from files where pid=".$data['id'];
        mysql_query( $qry );
        $qry = " delete from files where pid=".$data['id'];
        mysql_query( $qry );
    }
    $qry = " delete from files where pid='".$_REQUEST['id']."'";
    mysql_query( $qry );

    // Same select-then-delete-by-row-id pattern, applied to pdf.
    $qry4="select * from pdf where pid ='".$_REQUEST['id']."'";
    $query=mysql_query($qry4);
    while($data=mysql_fetch_array($query)){
        $qry = "delete from pdf where pid=".$data['id'];
        mysql_query( $qry );
        $qry = " delete from pdf where pid=".$data['id'];
        mysql_query( $qry );
    }
    $qry = " delete from pdf where pid='".$_REQUEST['id']."'";
    mysql_query( $qry );

    // Success is reported unconditionally: no query result was checked and the
    // statements are not wrapped in a transaction, so a partial delete looks
    // the same as a complete one.
    // NOTE(review): the mysql_* extension was deprecated in PHP 5.5 and removed
    // in PHP 7.0; a maintained version would use mysqli or PDO with bound
    // parameters, one DELETE per table, and check each result.
    $errorMsg = "Record deleted successfully !!";
}