process - How to safely link to data processing pages in PHP -

-

Explain the title: For example, link the flag to any YouTube video as "Inappropriate". It is basically a link on a page that processes the request (i.e., the person who clicked a logged-in user, what is the ID of the flagged video) etc. If everything goes well then the video is flagged and the user is given the correct output.

My question is, what prevents the user from accessing that processing file with the URL, and flagging, say, all videos on YouTube automatically? You can not create a session with PHP if the user clicks on a link and does not want to include JS, then I'm only looking for a good PP-solution solution, to implement the data Someone found the correct page on the process page.

Can you recommend a way to do this, maybe another GET variable may be passing. If you want you can use a YouTube example.

Thanks

If you want to do something, make sure they are expected Coming from the page, you might have an additional GET variable (beyond the video ID only), which is for an encryption string of video ID and an existing date time and a few good masers.

On the received page, you can check to make sure they have a session and are logged in, and if they are decrypting the GET variable, make sure the data valid is valid (last 10 minutes ) And the ID matches the unencrypted main one.

You do not want to send the ID of the person receiving it to GET, because it is easily manipulated clients, then it is trusting session variables.

You can also take advantage of the variable, but I do not think I trust it.


Comments

Post a Comment

Popular posts from this blog

oracle - The fastest way to check if some records in a database table? -

-
I have a big table to work with. I have to see that there are some records whose parent_id is equal to my passing value. Currently I do this by implementing "my_table using select count (*) where parent_id =: id"; If the result> 0, it means that they exist. Because this is a very large table, and I do not care what the actual number of records present, I just want to know if it exists, so I think count (*) Bit is disabled. How do I apply this requirement most quickly? I'm using Oracle 10. # Tips for Hibernation & amp; Tricks It suggests writing in such a way: Integer number = (integer) session .createQuery ("Select Count (*) to ...."). UniqueResult (); I do not know what is the magic of the unique rule? Why does it fast? To compare, select "1 from mytable where parent_id = passId and rowrum", which is more efficient? If you are not interested in the number of records, then there is an EXISTS query one: Select 'y'
Read more

php - multilevel menu with multilevel array -

-
Just ask someone to solve this problem? I want to create a multilevel menu I can not find the right solution generated with multilevel array, it always gets an array_push error My study came from the original idea But still my Can not match the need. This is my MySQL [code] ----- --------------------- --------------- | ID | PARENT_ID | Name | Link | Seq | 1 | 0 | Dashboad | Dashboard / | 1 | 2 | 0 | Menu 1 | Menu 1 / | 2 | 3 | 0 | Menu 2 | Menu 2 / | 3 | 4 | 0 | Menu 3 | Menu 3 / | 4 | 5 | 2 | Joint Add / | 1 | 6 | 3 | Joint Add / | 1 | 7 | 2 | Edit | Edit / | 2 | 8 | 4 | Joint Add / | 1 ------------------------------------------ [/ Code] I want to do something like this in my array array ('dashboard' = & gt; array ('id' = & gt; '' 'Dame' = & gt; 'Dashboard', 'Title' = & gt; 'Dashboard', 'MatchMin' = & gt; Base_URL (). 'Dashboard /', 'Active' => = & Gt; NULL), &
Read more

jQuery UI: Datepicker month format -

-
I am trying to change the format of the month that shows in the popup (not in the date that the picker actually I do not have any choice anywhere to do this, do I like to use a sub-string () or something else? What I normally display is Trying to change: Class = "ui-datepicker-title"> January & lt; / span & gt; ... & lt; / div & gt; Div>
Read more