ownership control when update/delete record
#1

peter222
Before, I programmed procedurally, without a framework. When I deleted a record, it was always done through a form and $_POST data. Now, in CI, I've seen examples where the #id of the record is read from the URL as a segment.

http://mywebsite/posts/delete/23

or

http://mywebsite/posts/update/25

What is the best practice to control ownership of this record?

I suppose I should add this to all of the queries:
$this->db->where('user_id', $id_of_logged_user);

Is this way secure enough?
#2

Rick Jolly
Yes. So your tables would look something like this:

Code:
create table posts (
    id int unsigned not null auto_increment,
    user_id int unsigned not null,
    post text not null,
    primary key (id)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

create table users (
    user_id int not null auto_increment,
    username varchar(50) not null unique,
    password varchar(50) COLLATE utf8_bin not null,
    primary key (user_id)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
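
The ownership filter discussed in this thread, as an added example that is not part of either post: the record id from the URL and the session user's id go into the same DELETE/UPDATE statement, and the affected-row count tells the controller whether anything was allowed. It uses PDO with in-memory SQLite instead of CodeIgniter's query builder so it runs on its own; the helper names `delete_own_post` and `update_own_post`, the `$sessionUserId` variable and the sample rows are assumptions.

```php
<?php
// Added example. PDO + in-memory SQLite stands in for the CodeIgniter database
// layer so the file runs on its own; the posts table follows the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL, post TEXT NOT NULL)');
// Constructed sample rows: post 23 belongs to user 1, post 25 to user 2.
$db->exec("INSERT INTO posts (id, user_id, post) VALUES (23, 1, 'first'), (25, 2, 'second')");

/**
 * Delete a post only when it belongs to $ownerId (hypothetical helper).
 * $ownerId must come from the server-side session, never from the URL or a form field.
 * CodeIgniter equivalent of the statement below:
 *   $this->db->where('id', $postId);
 *   $this->db->where('user_id', $ownerId);
 *   $this->db->delete('posts');
 *   $deleted = ($this->db->affected_rows() == 1);
 */
function delete_own_post(PDO $db, int $postId, int $ownerId): bool
{
    // Record id and owner are tested in one statement, so there is no gap
    // between "check the owner" and "delete the row".
    $stmt = $db->prepare('DELETE FROM posts WHERE id = :id AND user_id = :uid');
    $stmt->execute([':id' => $postId, ':uid' => $ownerId]);
    // 0 rows: the post does not exist or is someone else's. Answer both cases
    // identically (e.g. 404) so the response does not reveal which ids exist.
    return $stmt->rowCount() === 1;
}

/** Same rule for updates (hypothetical helper). */
function update_own_post(PDO $db, int $postId, int $ownerId, string $text): bool
{
    $stmt = $db->prepare('UPDATE posts SET post = :post WHERE id = :id AND user_id = :uid');
    $stmt->execute([':post' => $text, ':id' => $postId, ':uid' => $ownerId]);
    // Note: MySQL reports 0 affected rows when the new text equals the old text.
    return $stmt->rowCount() === 1;
}

$sessionUserId = 1; // constructed: the logged-in user's id as stored in the session

// User 1 requests /posts/delete/25, which belongs to user 2.
var_dump(delete_own_post($db, 25, $sessionUserId));
// User 1 requests /posts/update/23 and /posts/delete/23, their own post.
var_dump(update_own_post($db, 23, $sessionUserId, 'edited'));
var_dump(delete_own_post($db, 23, $sessionUserId));
// Post 25 must still be present after the refused request.
var_dump((int) $db->query('SELECT COUNT(*) FROM posts WHERE id = 25')->fetchColumn());
```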



