Send id safety to php file

melmdoost
Posts: 20

Send id safety to php file

hi,
i am using a query look like this:
xxx.com/search.myskils.php?id=157

this address "xxx.com/search.php" send an id number to "xxx.com/search.myskils.php?id=157" (and second address use GET method)

my problem:
user can see every query with change of id number at this code.
how can i prevent at this case?

this is very terrible. because user can delete every record in db with change of id number.

Admin
Hello,
If the value /id is sent with GET method it will be displayed in the url address.
- The solution is to send that value with a <form> with POST method, and use the $_POST variable to get form data in php.

melmdoost
hello,
but in the address " "xxx.com/search.php"", data (id number) send with tag <a href> to this address "xxx.com/search.myskils.php?id=157",
so i cant use, form and $_POST.

Admin
In this case you have to make safety the Insert, Update, Delete data in database.
1. You can add a login admin script that sets a Session with logged admin.
2. Execute Insert, Update, Delete only when the logged admin session is set.
3. Perform those instruction with $_POST data only.

Similar Topics