Reputation: 3141
I have a delete button/link hooked up which will delete the entry from the database.
My view file:
<a href="<?php echo base_url() . "profile/delete_entry/" . $data->pid; ?>">Delete</a>
My controller:
    function delete_entry() {
        $this->session->userdata('uid'); // return value is never used, so this line checks nothing
        $this->load->model('model_entry');
        $pid = $this->uri->segment(3);   // pid taken straight from the URL
        $this->model_entry->entry_delete($pid);
        $this->entries();
    }
And finally, my model:
    public function entry_delete($pid) {
        $this->db->where('pid', $pid);   // only condition: matches any user's entry
        $this->session->userdata('uid'); // return value is never used here either
        $this->db->delete('dayone_entries');
    }
So, the link works. I can delete an entry from the database, without any problem.
However, I can also delete entries that the user didn't create. I can simply do that by replacing the pid
of the entry (in the database) in the url with some other pid, and it will delete it, even though the user didn't create it.
How can I ensure that only the user who created the pid can delete it?
My column in my table in my database:
pid, uid, time, entry
Upvotes: 0
Views: 110
Reputation: 359
Assuming "uid" is the id of the user who made it, you need to add another WHERE clause where uid equals the user id in session.
Upvotes: 1
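Here is what that ownership check looks like when applied to the code in the question. This is an added example, not code from the original post; it assumes CodeIgniter 3 query-builder and session APIs, the `pid`/`uid` columns and `dayone_entries` table named above, and an existing `entries()` method on the controller. The model and controller classes are shown together here but live in their own files.

```php
<?php
// Model (application/models/Model_entry.php), hardened version.
class Model_entry extends CI_Model {
    // Delete the entry only if it belongs to $uid.
    // Returns true when exactly one row was removed.
    public function entry_delete($pid, $uid) {
        $this->db->where('pid', $pid);
        $this->db->where('uid', $uid);   // ownership check: both conditions must match
        $this->db->delete('dayone_entries');
        return $this->db->affected_rows() === 1;
    }
}

// Controller (application/controllers/Profile.php), hardened version.
class Profile extends CI_Controller {
    function delete_entry() {
        $uid = $this->session->userdata('uid');
        if (empty($uid)) {
            show_error('You must be logged in.', 403);   // no session: refuse
        }
        $this->load->model('model_entry');
        $pid = $this->uri->segment(3);
        // Pass the session uid into the query rather than trusting the URL alone.
        if (!$this->model_entry->entry_delete($pid, $uid)) {
            show_404();   // not this user's entry (or no such pid); same response either way
        }
        $this->entries();   // existing method from the question
    }
}
```

Checking `affected_rows()` lets the controller tell a denied or missing pid apart from a real delete without leaking which of the two it was. Because the delete is triggered by a plain GET link, a POST form with CodeIgniter's CSRF protection enabled is the usual follow-up hardening.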