Forum

Web Development and Programming Courses
https://coursesweb.net/forum/

Send id safety to php file

https://coursesweb.net/forum/viewtopic.php?f=7&t=323

Page 1 of 1

Send id safety to php file

Posted: 06 Mar 2017, 21:01
by melmdoost
hi,
i am using a query look like this:
xxx.com/search.myskils.php?id=157

this address "xxx.com/search.php" send an id number to "xxx.com/search.myskils.php?id=157" (and second address use GET method)

my problem:
user can see every query with change of id number at this code.
how can i prevent at this case?

this is very terrible. because user can delete every record in db with change of id number.

Send id safety to php file

Posted: 07 Mar 2017, 10:19
by Admin
Hello,
If the value /id is sent with GET method it will be displayed in the url address.
- The solution is to send that value with a <form> with POST method, and use the $_POST variable to get form data in php.

Send id safety to php file

Posted: 07 Mar 2017, 11:37
by melmdoost
hello,
but in the address " "xxx.com/search.php"", data (id number) send with tag <a href> to this address "xxx.com/search.myskils.php?id=157",
so i cant use, form and $_POST.

Send id safety to php file

Posted: 07 Mar 2017, 12:07
by Admin
In this case you have to make safety the Insert, Update, Delete data in database.
1. You can add a login admin script that sets a Session with logged admin.
2. Execute Insert, Update, Delete only when the logged admin session is set.
3. Perform those instruction with $_POST data only.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/