Best way to prevent logged in users from messing with ID passed in query strings?
#1

jleequeen
Hello,

I'm looking for the best way to keep a logged in user from messing with query strings. For example, let's say I have an editable form where a user can update his application settings. So the URL is:

http://www.domain.com/settings/edit/id

How do I prevent a logged-in user from just manually entering another user's ID and having access to their settings? I'm sure this is probably a stupid question, but I would like to know how others prevent this sort of thing. I thought about putting a check in either the controller or model that checks against the session to make sure the logged-in ID is the one that is trying to make the update, but I'm not sure what the best way is. Sorry if I am not explaining it very well. Any help would be greatly appreciated.

Thanks.
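The check the post proposes (validating the ID from the URL against the logged-in session), as an added example that is not part of the original post: the owner comes only from the server-side session, and the model scopes the UPDATE to that owner, so a foreign ID in the URL matches no rows. Python with an in-memory SQLite database is an assumption made so the example runs stand-alone; the `settings` table, `edit_settings`, `update_settings` and `Forbidden` are hypothetical names.

```python
import sqlite3

class Forbidden(Exception):
    """Raised when the session user may not touch the requested record."""

def make_db():
    # Constructed sample data: two users (100 and 200), one settings row each.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE settings ("
               "id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL, theme TEXT)")
    db.executemany("INSERT INTO settings VALUES (?, ?, ?)",
                   [(1, 100, "light"), (2, 200, "light")])
    return db

def update_settings(db, session_user_id, settings_id, theme):
    """Model: the WHERE clause binds the row to its owner, so a row that
    belongs to another user is never matched, whatever id was requested."""
    cur = db.execute(
        "UPDATE settings SET theme = ? WHERE id = ? AND user_id = ?",
        (theme, settings_id, session_user_id),
    )
    db.commit()
    return cur.rowcount == 1

def edit_settings(db, session, url_id, form):
    """Controller for /settings/edit/<url_id>. The URL id only selects a
    record; who the caller is comes from the server-side session."""
    user_id = session.get("user_id")
    if user_id is None:
        raise Forbidden("not logged in")
    try:
        settings_id = int(url_id)
    except (TypeError, ValueError):
        raise Forbidden("malformed id")
    if not update_settings(db, user_id, settings_id, form["theme"]):
        # Same answer for "does not exist" and "belongs to someone else",
        # so the endpoint does not reveal which ids are in use.
        raise Forbidden("no such settings for this user")
    return "updated"
```

Keeping the ownership condition in the model's query means every controller that reuses `update_settings` gets the same protection, even if one of them forgets its own check.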

