Question 358506 in Mysql Question posted in
The official MySQL documentation can be found here.

Mysql – Search in database using GET method

so I have a question.

I have this project to school, I have a website with a form and database. Basically after successful form validation input is inserted into database and after that they are redirected using echo ‘script’ to a summary page which will print inputted values.

So on the summary page is a SQL search which is using WHERE clause plus ID stored in URL by GET method from the script. My question is how can I prevent someone changing the ID in the URL and read input from other users.

I was thinking maybe session could work, but I cant think about a reasonable solution. Thank you for help.

Tags:

2

Answers


  1. 0

    Non-sequential ids would be a band-aid over the problem. But at heart, if you want the page to not be public, you need to require them to have a session that restricts what they can see. Crudely, you can simply return with the redirect a cookie containing the id they are allowed to see and a cryptographic signature that you can verify when they do the get. Somewhat better is to have the cookie contain a session id, and store session information (the id they are allowed to see) in your database.

    Login or Signup to reply.
  2. 0

    You could do something like that :

    function encryptIt($q) {
    $cryptKey = 'YourKey_String';
    $qEncoded = openssl_encrypt($q, "AES-128-ECB", $cryptKey);
    return( $qEncoded );
}

function decryptIt($q) {
    $cryptKey = 'YourKey_String';
    $qDecoded = openssl_decrypt($q, "AES-128-ECB", $cryptKey);
    return( $qDecoded );
}

function testEncryptDecrypt() {
//Get your ID from DB here and format $arData as you want

    $arData = array(
        'id_cust' => 220,
        'id_user' => 45220,
        'extra' => 'toto il est beau mon lavabo',
    );
    $jsonString = json_encode($arData);
    $token = encryptIt($jsonString);
    // use the token in you get request
    $kryptDone = decryptIt($token);
    $dataReturn = json_decode($kryptDone, true);
}
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search