Kneaded eraser

Once upon a time, a client contacted Trick R. and asked him to figure out why files were disappearing from their website.

The seemingly innocent task proved to be a swan-dive into a sewer of bad PHP, unsanitized user input, and plain-text passwords stored in the database, among other vulnerabilities. However, the following conditional took the cake for awfulness. What better way to ensure a record is really gone than by running the DELETE query a bunch of times?


if( $_REQUEST['task'] == "delete_single" && preg_match("/^([0-9]+)$/", $_REQUEST['id'], $reg) ) {
         $qry = " delete from department where id=".$_REQUEST['id'];
                mysql_query( $qry );
                 $qry = " delete from department where id=".$_REQUEST['id'];
        mysql_query( $qry );
                $qry = " delete from department where id=".$_REQUEST['id'];
        mysql_query( $qry );
                 $qry = " delete from department where id=".$_REQUEST['id'];
        mysql_query( $qry );
                 $qry = " delete from department where id=".$_REQUEST['id'];
        mysql_query($qry);
                 $qry1="select * from department where id ='".$_REQUEST['id']."'";
                $query=mysql_query($qry1);
         while($data=mysql_fetch_array($query)){ 
         $qry = "delete from department where id=".$data['id'];
        mysql_query( $qry );
         
                 $qry = " delete from department where id=".$data['id'];
        mysql_query( $qry );
                 }
                  $qry = " delete from department where id='".$_REQUEST['id']."'";
        mysql_query( $qry );


     $qry2="select * from department_login where pid ='".$_REQUEST['id']."'";
                $query=mysql_query($qry2);
         while($data=mysql_fetch_array($query)){ 
          $qry = "delete from department_login where pid=".$data['id'];
        mysql_query( $qry );
         
                  $qry = " delete from department_login where pid=".$data['id'];
        mysql_query( $qry );
                 }
                  $qry = " delete from department_login where pid='".$_REQUEST['id']."'";
        mysql_query( $qry );

$qry3="select * from files where pid ='".$_REQUEST['id']."'";
                $query=mysql_query($qry3);
         while($data=mysql_fetch_array($query)){ 
          $qry = "delete from files where pid=".$data['id'];
        mysql_query( $qry );
         
                  $qry = " delete from files where pid=".$data['id'];
        mysql_query( $qry );
                 }
                  $qry = " delete from files where pid='".$_REQUEST['id']."'";
        mysql_query( $qry );

$qry4="select * from pdf where pid ='".$_REQUEST['id']."'";
                $query=mysql_query($qry4);
         while($data=mysql_fetch_array($query)){ 
          $qry = "delete from pdf where pid=".$data['id'];
        mysql_query( $qry );
         
                  $qry = " delete from pdf where pid=".$data['id'];
        mysql_query( $qry );
                 }
                  $qry = " delete from pdf where pid='".$_REQUEST['id']."'";
        mysql_query( $qry );

       
        $errorMsg = "
Record deleted successfully !!
"; }
[Advertisement] Infrastructure as Code built from the start with first-class Windows functionality and an intuitive, visual user interface. Download Otter today!