Block query string url - php

-2

Good morning. My question arises from wanting to increase the security of my application. The scenario is as follows: a user with authorization sees the listing of several items (e.g. list-item.php) and can delete the item they want. The deletion is done through a query string (e.g. delete-item.php?id=14).

Is there any way to restrict / block manipulation of the id in this case? For example, if the user's account is stolen and the person has bad intentions, they can simply change the id in the query string and delete several items. Basically, I wonder if there is a solution to block manipulation of the query and only accept the query that comes from the page list-item.php.

    
asked by anonymous 12.01.2018 / 10:24

1 answer

0

Take a look at this package: link

I use it to generate a unique hash for each record and instead of working with the sequential key in the GETs and POSTs I use the hash.

This helps in several situations. For example, when editing the user profile: if you put link and the person passes other ids there, they can change the profiles of other users; using the hash, they would hardly find a valid hash.

I hope it helps.

    
12.01.2018 / 15:33
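One way to apply the answer's idea of not exposing a bare sequential id in the link, shown as an added example that is not part of the original answer and not the package it links to: list-item.php issues a per-session HMAC token for each row, and delete-item.php verifies the token and still checks ownership in the query. The table `items(id, owner_id)`, the session key name `link_key` and the function names are assumptions, and the rows are constructed demo data.

```php
<?php
declare(strict_types=1);

// Assumed names, not from the original page: table items(id, owner_id),
// functions itemToken / verifyItemToken / deleteItem.

// list-item.php side: opaque token placed in the link instead of a bare id.
function itemToken(string $key, int $id): string
{
    return $id . '.' . hash_hmac('sha256', 'delete-item:' . $id, $key);
}

// delete-item.php side: returns the id only if the token was issued with $key.
function verifyItemToken(string $key, string $token): ?int
{
    if (!preg_match('/^(\d{1,18})\.([0-9a-f]{64})$/D', $token, $m)) {
        return null;
    }
    $id = (int) $m[1];
    return hash_equals(itemToken($key, $id), $token) ? $id : null;
}

// The token only stops guessing and editing of ids; the owner check is what
// stops a logged-in user from deleting rows that are not theirs.
function deleteItem(PDO $db, int $userId, int $id): bool
{
    $stmt = $db->prepare('DELETE FROM items WHERE id = :id AND owner_id = :uid');
    $stmt->execute([':id' => $id, ':uid' => $userId]);
    return $stmt->rowCount() === 1;
}

// Constructed demo data: user 7 owns item 14, user 8 owns item 15.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, owner_id INTEGER)');
$db->exec('INSERT INTO items VALUES (14, 7), (15, 8)');

$userId = 7;                  // would come from $_SESSION after login
$key = random_bytes(32);      // per-session secret, e.g. $_SESSION['link_key']
$token = itemToken($key, 14); // emitted by list-item.php in the delete link

$id = verifyItemToken($key, $token);
var_dump($id !== null && deleteItem($db, $userId, $id));    // untouched link
var_dump(verifyItemToken($key, '15.' . substr($token, 3))); // id edited in URL
var_dump(deleteItem($db, $userId, 15));                     // row of another user
```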