I am building a web app in CakePHP, authorized users can add, update, delete a record. In some controllers to add a record my URLs structure is like:
records/add/id_of_parent_record/secondvar:another_decision_dependent_value.
My concern is that a user may tamper with these GET variables, which would result in corrupting the whole record. I know I can use sessions for these vars, but I am looking for the best approach. Please share your knowledge and experience.
In addition to the POST and Post/Redirect/Get advice... In general:
Never ever trust any of the information you receive in an HTTP request (including GET parameters, POSTed data, cookies and HTTP headers). Always ensure the user has permission to perform each action on the data objects in question, and always validate on the server side that the data is as sensible as you can, before accepting and processing it.
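Putting that advice into a controller, as an added example that is not part of the question or the answer above: the action still takes the parent id from the URL, but it refuses anything except POST, re-checks on the server that the parent belongs to the logged-in user, whitelists the "decision" value, and limits mass assignment to the fields a user is allowed to set. It assumes CakePHP 4 with the Authentication plugin loaded, a Records table that belongsTo Parents, a user_id column on Parents, and an illustrative query parameter named mode with the values draft and published; none of those names come from the original post.

```php
<?php
// Added example (not from the original question or answer): a CakePHP 4
// controller action that takes the parent id from the URL but re-checks
// ownership and validates every field on the server before saving.
// Assumes: Authentication plugin loaded, Records belongsTo Parents,
// Parents.user_id column. The "mode" query parameter is illustrative.
declare(strict_types=1);

namespace App\Controller;

use Cake\Http\Exception\BadRequestException;
use Cake\Http\Exception\NotFoundException;
use Cake\Http\Exception\UnauthorizedException;

class RecordsController extends AppController
{
    // Only values the server is prepared to act on; anything else is rejected.
    private const ALLOWED_MODES = ['draft', 'published'];

    /**
     * POST /records/add/<parentId>?mode=<draft|published>
     */
    public function add(?string $parentId = null)
    {
        // Mutations go over POST only; a GET to the same URL is refused.
        $this->request->allowMethod(['post']);

        // Identity comes from the session-backed authentication result,
        // never from anything the client put in the URL or the form.
        $identity = $this->Authentication->getIdentity();
        if ($identity === null) {
            throw new UnauthorizedException();
        }
        $userId = $identity->getIdentifier();

        // Authorization: the parent must exist AND belong to this user.
        // Answering 404 in both cases avoids confirming which ids exist.
        $parent = $this->Records->Parents->find()
            ->where(['Parents.id' => $parentId, 'Parents.user_id' => $userId])
            ->first();
        if ($parent === null) {
            throw new NotFoundException();
        }

        // Decision-dependent value from the URL: accept only a known option.
        $mode = $this->request->getQuery('mode', 'draft');
        if (!in_array($mode, self::ALLOWED_MODES, true)) {
            throw new BadRequestException('Invalid mode');
        }

        // Mass assignment is limited to the fields a user may set; the
        // foreign keys and status are filled from server-verified values.
        $record = $this->Records->newEmptyEntity();
        $record = $this->Records->patchEntity(
            $record,
            $this->request->getData(),
            ['fields' => ['title', 'body']]
        );
        $record->parent_id = $parent->id;
        $record->user_id = $userId;
        $record->status = $mode;

        // Table validation rules (e.g. RecordsTable::validationDefault) run
        // inside save(); on failure the form is re-rendered with the errors.
        if ($this->Records->save($record)) {
            $this->Flash->success('Record added.');
            // Post/Redirect/Get: a browser refresh will not resubmit the form.
            return $this->redirect(['action' => 'view', $record->id]);
        }

        $this->Flash->error('The record could not be saved.');
        $this->set(compact('record', 'parent'));
    }
}
```

The point of the ownership query is that the URL value is only ever used as a lookup key that is combined with the server-side identity; changing the id in the browser can at most select a different record the same user already owns, and the parent_id written to the database is taken from the row the query returned, not from the request.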