Home > Back-end >  Preventing user to access data of other user's data in PHP
Preventing user to access data of other user's data in PHP

Time:05-27

I have two rows of data of different users having id= 54 and 55. If user having id=54 get signed into system, he must view his own data only not of id=55. but in my case if I change stid=54 to stid=55 in the url, user of id=54 views data of id=55 too.

here is URL: http://localhost/bacalumni/alumnidataview.php?stid=55

Please guide how to prevent user to view data of other users.

CodePudding user response:

Please share your code. Otherwise, here is an example of how it can be done. Once a user is signed in, keep track of his user id by session. You could use that to pass to your select statement or if you insist on keeping it in the URL;do an if - else check before displaying the data. For example.

$sessionUserId = '55';



if($sessionUserId == $stid )

{

 /// Show data

}else{



/// Unauthorized

}

Page link:https//www.codepudding.com/Backend/421129.html

Prev:How to delete from a multidimensional array if addon_id key is not present
Next:preg_match_all returns only last matches from single row , but all matches from multi row string
  •  Tags:  
    • php
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding