How to update a record from client to server without displaying unique_Id for the user

Question

How to update a record from client to server without displaying unique_Id for the user

How to update a record from the client to the database without displaying Unique_idthis record to the client.

My problem is that if I show it to a user with a property display:none, the user can check and change this specific unique_id to some random number, which in the case may coincide with another unique_id record and ultimately with updating another record (wrong record) .

+4

javascript database

anna poorani May 17, '17 at 8:35

source share

4 answers

Ambrish Pathak · Answer 1 · 2017-05-17T10:11:49+0000

A good question and approach to prevent client-side Id distortion could be:

, , / + .

:

(SELECT).
+ Id .
, .
, script, , , , .

if(tokenSavedOnServer != tokenCameFromClient)
{
  // Id has been tampered. Cancel update request.
}

, , 10 - .

, , ANOTHER, - UPDATE, , , .

codelyzer · Answer 2 · 2017-05-17T08:47:30+0000

Unique_id , , . . , , script ( node.js, PHP ..), .

EDIT:

, . , (, ), , , , .

MSekrst · Answer 3 · 2017-05-17T08:53:14+0000

, , , decript.

Boo berr'ita · Answer 4 · 2017-05-17T10:02:20+0000

, :

:

:
, , id , , ( ) , Id, , else else return error.
id:
, , , , , , .

both actions are the same, but I recommend storing the identifier in the session when the client is connected, so you directly make an update request without searching for the latter,

So, Sotre Id in the session, when the client is connected, then performs the update using the var session identifier, and this without specifying the identifier on the client side.

How to update a record from client to server without displaying unique_Id for the user

More articles: