hi,
i am using a query look like this:
xxx.com/search.myskils.php?id=157
this address "xxx.com/search.php" send an id number to "xxx.com/search.myskils.php?id=157" (and second address use GET method)
my problem:
user can see every query with change of id number at this code.
how can i prevent at this case?
this is very terrible. because user can delete every record in db with change of id number.
Send id safety to php file
-
melmdoost
- Posts: 20
Send id safety to php file
Admin
Hello,
If the value /id is sent with GET method it will be displayed in the url address.
- The solution is to send that value with a <form> with POST method, and use the $_POST variable to get form data in php.
If the value /id is sent with GET method it will be displayed in the url address.
- The solution is to send that value with a <form> with POST method, and use the $_POST variable to get form data in php.
melmdoost
hello,
but in the address " "xxx.com/search.php"", data (id number) send with tag <a href> to this address "xxx.com/search.myskils.php?id=157",
so i cant use, form and $_POST.
but in the address " "xxx.com/search.php"", data (id number) send with tag <a href> to this address "xxx.com/search.myskils.php?id=157",
so i cant use, form and $_POST.
Admin
In this case you have to make safety the Insert, Update, Delete data in database.
1. You can add a login admin script that sets a Session with logged admin.
2. Execute Insert, Update, Delete only when the logged admin session is set.
3. Perform those instruction with $_POST data only.
1. You can add a login admin script that sets a Session with logged admin.
2. Execute Insert, Update, Delete only when the logged admin session is set.
3. Perform those instruction with $_POST data only.
Similar Topics
-
Cannot send session cache limiter
PHP - MySQL
First post
I have a php page where i work with session..Last post
<?php
session_start();
if (isset($_SESSION )) {
$username2=$_SESSION ;
} else {
echo <script...
Hello,
That error appears because there is something sent to browser before session_start(); , like an echo , or a space or other character before... -
How to send Push Msg to multiple Android phones at a time
PHP - MySQL
First post
Hello,Last post
I am using PHP Push Notification Android and iOS: Send push notifications to Android and iOS devices I have to send around 10k pushes every...
Hello,
I not know about PHP Push Notification Android and iOS , but check the answers from this page, maybe they can help you:
Or, post the... -
Add time to file upload name
PHP - MySQL
First post
Hello.Last post
i have a script for upload file. this script has a problem with duplicate names, in upload folder. i want rename file name in upload folder....
The character : is not allowed in file name; so, you should replace it with - or _ in the string with the time.
$time = date( H-i-s ,... -
File Upload don't work
PHP - MySQL
First post
Hello! i have a script that insert some details in MySql database but the file upload don't work.Have you any ideea why don't work ?Last post
if(isset($_POST...
I not know whay it not works, it might be problem from the html form, or the column types in mysql, or variable with data for inserting in mysql is... -
Missing php closing tag ?> in php file
PHP - MySQL
First post
Just so you know in some php files from your scripts you left out the closing ?> .Last post
I put it in and looks good thank you.
In php files, if after the last line of code there isn't other content, like html, there is not need for the closing tag ?> .
The closing tag is...