sgsg
Reputation: 21
how to prevent user to changing/deleting other user data
I am creating multiuser application. created using php codeigniter And I am seeking the best practice or the best way to prevent user to changing/deleting other user data.
I have some relational tables.
- tbl_users (user_id, user_name, password)
- tbl_stores (store_id, user_id, store_name, store_url)
- tbs_products (product_id, store_id, product_name)
Each user have its own store, and each store may have many products.
So, what is the best ways, to prevent user from deleting other user data?
I actually, have create some code in the model, but since i am kind of newbie, i am not sure, if this is the right way, my code is like this.
function remove_product($product_id)
{
$this->db->from('products as p');
$this->db->join('stores as s', 's.id = p.store_id');
$this->db->where('p.id', $product_id);
$this->db->where('s.user_id', $this->session->userdata('id'));
if($this->db->count_all_results())
{
$this->db->where('id', $product_id);
return $this->db->delete($this->table);
}
}
Please advise if this approach is correct or not, or if there is better way to do this.
Regards
Upvotes: 2
Views: 566
Answers (1)
George Kastrinis
Reputation: 5182
Before deleting something check if the owner of that is the same as the session user.
Upvotes: 1
Related Questions
- Prevent two users from editing the same data
- how to manage multi-user permission in codeigniter
- How to prevent Mysql database from being changed/updated/deleted?
- Laravel - Don't allow user to access other user data
- How can I prevent two users from accessing MySQL table at the same time?
- Codeigniter - Only allow the user to delete from database if the user created the entry in database
- How do I prevent users from accessing other users records?
- how to prevent two user edit same content at same time
- Codeigniter restrict to insert into other user's data
- How to restrict user from modifying data in mysql data base?