Security precautions when updating database row via URL segments
#3

[eluser]Billy Shall[/eluser]
Very true, not a good idea to throw the field in there. Users would be logged in so no outside access.

A better example might be:

Code:
function status($id = FALSE, $val = FALSE)
{
  // Both URL segments must be present
  if ($id === FALSE OR $val === FALSE) { show_404(); }

  // Both segments must be numeric
  if ( ! is_numeric($id) OR ! is_numeric($val)) { show_404(); }

  // Status value must be in the range -4..4 (compare against integers, not strings)
  if ($val < -4 OR $val > 4) { show_404(); }

  // Active Record escapes the bound values
  $this->db->where('id', $id)->set('status_id', $val)->update('table');
  redirect('controller');
}
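
Added example, not part of the original post: is_numeric() also lets decimals and exponent notation through, so a stricter check on the two segments can use filter_var() with FILTER_VALIDATE_INT. The helper name validate_status_segments() is hypothetical, and the lower bound of 1 for the row id is an assumption about the table.

```php
<?php
/**
 * Hypothetical helper: returns array($id, $val) as integers,
 * or NULL when either URL segment is not acceptable.
 */
function validate_status_segments($id, $val)
{
    // URL segments arrive as strings; the FALSE defaults and arrays are rejected.
    if ( ! is_string($id) OR ! is_string($val)) {
        return NULL;
    }

    // FILTER_VALIDATE_INT rejects decimals and exponent notation,
    // which is_numeric() accepts. min_range 1 for ids is an assumption.
    $id = filter_var($id, FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1)));
    $val = filter_var($val, FILTER_VALIDATE_INT,
        array('options' => array('min_range' => -4, 'max_range' => 4)));

    if ($id === FALSE OR $val === FALSE) {
        return NULL;
    }
    return array($id, $val);
}

// Constructed sample segments. Every pair passes is_numeric() and the
// -4..4 comparison from the post; only whole integers pass here.
$samples = array(
    array('12', '3'),
    array('12', '1.5'),
    array('1e1', '2'),
    array('12.0', '-4'),
    array('12', '9'),
);

foreach ($samples as $pair) {
    $ok = validate_status_segments($pair[0], $pair[1]);
    printf("%-5s %-4s => %s\n", $pair[0], $pair[1],
        $ok === NULL ? 'reject' : 'accept');
}
```

In the controller method, a NULL return would lead to show_404() and the returned integers would be passed to the update query.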


Messages In This Thread
Security precautions when updating database row via URL segments - by El Forum - 07-20-2012, 06:15 AM