hi,
i am using a query look like this:
xxx.com/search.myskils.php?id=157
this address "xxx.com/search.php" send an id number to "xxx.com/search.myskils.php?id=157" (and second address use GET method)
my problem:
user can see every query with change of id number at this code.
how can i prevent at this case?
this is very terrible. because user can delete every record in db with change of id number.
Send id safety to php file
-
- Posts: 20
Send id safety to php file
Admin
Hello,
If the value /id is sent with GET method it will be displayed in the url address.
- The solution is to send that value with a <form> with POST method, and use the $_POST variable to get form data in php.
If the value /id is sent with GET method it will be displayed in the url address.
- The solution is to send that value with a <form> with POST method, and use the $_POST variable to get form data in php.
melmdoost
hello,
but in the address " "xxx.com/search.php"", data (id number) send with tag <a href> to this address "xxx.com/search.myskils.php?id=157",
so i cant use, form and $_POST.
but in the address " "xxx.com/search.php"", data (id number) send with tag <a href> to this address "xxx.com/search.myskils.php?id=157",
so i cant use, form and $_POST.
Admin
In this case you have to make safety the Insert, Update, Delete data in database.
1. You can add a login admin script that sets a Session with logged admin.
2. Execute Insert, Update, Delete only when the logged admin session is set.
3. Perform those instruction with $_POST data only.
1. You can add a login admin script that sets a Session with logged admin.
2. Execute Insert, Update, Delete only when the logged admin session is set.
3. Perform those instruction with $_POST data only.
Similar Topics
-
Access an XML file from different domain in JS
JavaScript - jQuery - Ajax
First post
I am creating a website with HTML and JavaScript that relies on the data of an XML file hosted on a separate domain.Last post
I can achieve this with...
Try using the the fetch api.
fetch('//example.com/file_address')
.then( response => response.text() )
.then( response => {
//response is...