ownership control when update/delete record
[eluser]peter222[/eluser]
Before, I programmed procedurally, without a framework. When I deleted any record, it was always realized by a form and $_POST data. Now, in CI, I've seen examples where the #id of the record was read from the URL as a segment: http://mywebsite/posts/delete/23 or http://mywebsite/posts/update/25. What is the best practice to control ownership of this record? I suppose I should add to all of the queries: $this->db->where('user_id', $id_of_logged_user); Is this way secure enough?
[eluser]Rick Jolly[/eluser]
Yes. So your tables would look something like this: Code: create table posts (
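The ownership check discussed in this thread, written out as an added example that is not part of either post. It assumes CodeIgniter 2/3 class names, a `posts` table with `id` and `user_id` columns, the session library and URL helper autoloaded, and a `user_id` session key set at login; the method name `delete_owned` is hypothetical.

```php
<?php
// Added example (two files shown together). Assumptions: posts(id, user_id),
// session key 'user_id' set at login, session library and url helper autoloaded.

// application/models/post_model.php
class Post_model extends CI_Model
{
    // Delete a post only if it belongs to $owner_id.
    // Returns TRUE when exactly one row was removed.
    public function delete_owned($post_id, $owner_id)
    {
        $this->db->where('id', (int) $post_id);
        $this->db->where('user_id', (int) $owner_id);
        $this->db->delete('posts');

        return $this->db->affected_rows() === 1;
    }
}

// application/controllers/posts.php
class Posts extends CI_Controller
{
    public function delete($post_id = 0)
    {
        // The owner id comes from the server-side session,
        // never from the URL segment or a form field.
        $owner_id = $this->session->userdata('user_id');
        if (empty($owner_id)) {
            show_error('Login required', 403);
        }

        // Accept state changes only on POST, so following a link
        // to /posts/delete/23 does not delete anything.
        if ($this->input->server('REQUEST_METHOD') !== 'POST') {
            show_error('Method not allowed', 405);
        }

        $this->load->model('Post_model');
        if (!$this->Post_model->delete_owned($post_id, $owner_id)) {
            // Same response for "no such post" and "not your post",
            // so record ids cannot be probed through the error message.
            show_404();
        }

        redirect('posts');
    }
}
```

The same two `where()` calls belong on the update query; checking `affected_rows()` is what tells the controller that the scoped query matched nothing.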