I use ajax to POST a post id and current user id to a URL to delete this post, but i think it’s not safe because anyone can post those parameters. How to make sure the user who send this Ajax POST is the post owner?
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I use ajax to POST a post id and current user id to a URL to delete this post, but i think it’s not safe because anyone can post those parameters. How to make sure the user who send this Ajax POST is the post owner?
You should use SESSION for this one. UNIQUE id is sent with each your requests. So by this id you can define which user sends delete requests.
Read more about http://www.php.net/manual/en/book.session.php