Reputation: 165
codeigniter MVC inserting sensitive data in mysql table
I am using codeigniter to build a page where users can like the post of another user.
I have three pages in this example, view_page.php , model_page.php and controller_page.php.
My view_page.php looks like this
<?php foreach($members as $value): ?>
<tr>
<td><?php echo $value['post_id']; ?></td>
<td><?php echo $value['post_title']; ?></td>
<td><a href="like/<?php echo $value['post_id']; ?>">Like</a></td>
</tr>
<?php endforeach; ?>
Controller_page.php
function like($post_id) {
$this->load->model('model_page');
$this->model_page->like_user($post_id);
redirect('controller_page/viewdata');
}
My question is,
If a user with user_id = 1, posts something on the view_page.php (as shown in the image below), his post_id, post_title, and like button will show.
If another user with User_id = 22, likes that post, how do I add user_id=22 in the mysql table, to know which user liked the post?
I was thinking of passing the user_id=22 in the url of the like button, but then people can just manipulate the likes but changing user_id in the address bar.
How do I do it correctly?
Thanks in advance
Upvotes: 1
Views: 79
Answers (2)
Reputation: 697
The Whole code for your questions would ask many aspects , As of now the solution provided by Tanseer UL Hassan is the best DB design ,now since your question is how to implement it , you can code in the following manner:
1) Create the variable which is to be passed to the controller :
<input type="hidden" name="hidUserIdFromSession" id="hidUserIdFromSession" value="<?php echo $someUserIdFromSession;?>">
2) Use ajax to Insert data in the above-mentioned table, like this :
$('#yourButton').click(function() {
//Modify this according to your button name
var postId = "Get your post id here";
var userId = $("#hidUserIdFromSession").val();
$.ajax({
type: 'POST',
url: '<?php echo base_url("your/url/comes/here")?>',
data: "postId="+postId+"&userId="+userId,
success:function(response){
//Your succes functions code comes here(Alert or any other processing).
}
});
});
3) Get the values inside controller function like this:
public function functionName(){
//This is the same function which is called inside ajax call
$arrReturn = array();
$postId = $this->input->post('postId');
$userId = $this->input->post('userId');
$inserted = $this->model->insertLikeData($postId,$userId);
//this is a call to model function in which you will actually make the Query to insert the data.
if($inserted){
$arrReturn['status'] = "Success";
$arrReturn['data'] = array();//In case if you want to send some data.
}else{
$arrReturn['status'] = "Error";
$arrReturn['data'] = array();//In case if you want to send some data.
}
$arrReturn = json_encode($arrReturn);
echo $arrReturn;
}
Upvotes: 0
Reputation: 156
You can make a table where you store all likes For Example.
id post_id user_id
1 1 22
2 1 44
Upvotes: 2
Related Questions
- How to avoid SQL injection in CodeIgniter?
- Prevent SQL Injection in CodeIgniter
- codeigniter posting values in secure way
- Prevent SQL injections in codeigniter
- what is the best security practice to escape my data before submitting it into my database in CodeIgniter
- Unable to insert data into database (PHP MVC)
- Code Igniter security with insert function
- MySQL Security in CodeIgniter
- Security in the codeigniter
- CodeIgniter Form input security