Drop table via URL

sspphp

Can someone drop a table from database if the name of table is known to user by appending the URL?
Someone suggests me that if proper security is not implemented , a table from database can be dropped by appending the URL , adding PHP command syntax and SQL query in url itself. Is it possible? If it is possible than how can one achive this and what are the protection measures?

Thanks in advance
sspphp

trexx

guess that's not a common security hazard. sure, on certain PHP, apache & whatever combinations there are/were exploits that made it possible to execute evil code by a buffer overflow or something similar. But a good system admin will replace such buggy versions immediately.

the other hazard is more likely: stupid code. if someone allows to execute sql or system statements by url or in a form, then you shouldn't wonder when someone wipes out your database or harddisk.

so, generally PHP is not insecure but there are many ways to make an insecure web-application.