Home > Back-end >  Preventing user to access data of other user's data in PHP
Preventing user to access data of other user's data in PHP

Time:05-27

I have two rows of data of different users having id= 54 and 55. If user having id=54 get signed into system, he must view his own data only not of id=55. but in my case if I change stid=54 to stid=55 in the url, user of id=54 views data of id=55 too.

here is URL: http://localhost/bacalumni/alumnidataview.php?stid=55

Please guide how to prevent user to view data of other users.

CodePudding user response:

Please share your code. Otherwise, here is an example of how it can be done. Once a user is signed in, keep track of his user id by session. You could use that to pass to your select statement or if you insist on keeping it in the URL;do an if - else check before displaying the data. For example.

$sessionUserId = '55';



if($sessionUserId == $stid )

{

 /// Show data

}else{



/// Unauthorized

}
  •  Tags:  
  • php
  • Related