I am using this edit form to let users edit their posts/notes, etc. And the way I have it is this way:
www.domain.com/editpost.php?id=390Adkw
So if someone plays around and changes the “390Adkw” to something like “390dkjdkljfld”, it will mess up the content or, worse yet, it will change someone else's content.
It will mess up because when I do the update it will be something like: UPDATE this WHERE id=id, and it might get messed up.
So what is one way to prevent this using PHP?
Within the editpost page you need to do two things. During the GET request, you need to check whether or not the particular user requesting that id has access to it.
During the POST, you again need to check whether or not that particular user has the rights to edit it.
In short, don’t trust that just because they passed an ID in, they have any rights to do anything with that ID.
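Here is one way to put both checks into editpost.php, as an added example (this is not code from the question or the answer above). It assumes a PDO connection, a `posts` table with columns `id`, `user_id` and `body`, and `$_SESSION['user_id']` set at login; those names are assumptions, not something the original post states. The ownership test is written into the SQL itself (`WHERE id = ? AND user_id = ?`) for both the SELECT on GET and the UPDATE on POST, and the id is only ever passed as a bound parameter, so a tampered or garbage id neither breaks the query nor reaches another user's row.

```php
<?php
// editpost.php: added example, not the original poster's code.
// Assumed (not from the original post): a PDO connection to a database
// with a `posts` table (id, user_id, body) and $_SESSION['user_id'] set at login.
session_start();

function currentUserId(): int {
    if (empty($_SESSION['user_id'])) {
        http_response_code(403);
        exit('Login required');
    }
    return (int) $_SESSION['user_id'];
}

/**
 * Load the post only if it belongs to $userId. Returns null both when the id
 * is unknown and when it belongs to someone else, so a guessed id reveals
 * nothing about other users' posts.
 */
function loadOwnPost(PDO $pdo, string $postId, int $userId): ?array {
    $stmt = $pdo->prepare('SELECT id, body FROM posts WHERE id = ? AND user_id = ?');
    $stmt->execute([$postId, $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/**
 * Update only a row this user owns. The ownership condition is part of the
 * UPDATE itself, so there is no gap between "check" and "write".
 */
function updateOwnPost(PDO $pdo, string $postId, int $userId, string $body): bool {
    $stmt = $pdo->prepare('UPDATE posts SET body = ? WHERE id = ? AND user_id = ?');
    $stmt->execute([$body, $postId, $userId]);
    return $stmt->rowCount() === 1;
}

// Assumed connection details; replace with your own.
$pdo = new PDO('mysql:host=localhost;dbname=app', 'app', 'secret', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$userId = currentUserId();

// The id arrives in the query string on GET and in the form body on POST.
// Either way it is untrusted input and is only used as a bound parameter.
$postId = $_SERVER['REQUEST_METHOD'] === 'POST'
    ? (string) ($_POST['id'] ?? '')
    : (string) ($_GET['id'] ?? '');

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Second check: the POST must pass the same ownership test as the GET did.
    $body = (string) ($_POST['body'] ?? '');
    if (!updateOwnPost($pdo, $postId, $userId, $body)) {
        http_response_code(404);
        exit('Post not found');
    }
    header('Location: /editpost.php?id=' . rawurlencode($postId));
    exit;
}

// First check: only render the editor for a post this user owns.
$post = loadOwnPost($pdo, $postId, $userId);
if ($post === null) {
    http_response_code(404);
    exit('Post not found');
}
?>
<form method="post" action="/editpost.php">
  <input type="hidden" name="id" value="<?= htmlspecialchars($post['id'], ENT_QUOTES, 'UTF-8') ?>">
  <textarea name="body"><?= htmlspecialchars($post['body'], ENT_QUOTES, 'UTF-8') ?></textarea>
  <button type="submit">Save</button>
</form>
```

The hidden `id` field in the form is just as untrusted as the one in the URL, which is why the POST branch does not reuse anything learned during the GET and instead re-applies the `user_id` condition in the UPDATE. The same per-user condition belongs in every other query that touches the row (delete, publish, and so on); relying on the client to send only ids it is allowed to use is the mistake the answer warns about.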