weixin_33701564 2009-05-13 23:21 Acceptance rate: 0%
Views: 149

jQuery Ajax voting

I am using this jQuery Ajax Voting system guide as a rough reference but I am a little troubled at the security of this. Right now this guide basically stores the ID of something and the vote statistics for it.

I'd like to go off a similar idea but I need to include the userID as well so a user can only vote once. This is stored in a PHP session variable and I was wondering if the ajax page that gets called will have access to that session or not. If not, what is a safe way of passing in the parameter so it can't be hijacked by a man-in-the-middle attack or faked?


2 answers

  • weixin_33695450 2009-05-13 23:24

    The server will have access to the session data through the AJAX call as long as you do session_start(); at the top of your script. You should also make sure you sanitize your data, as I see that tutorial is doing queries without passing the data through mysql_real_escape_string. You should also do UNIQUE KEY(user_id, id) on the votes table to ensure there's no dupes.

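The three points in the answer above (read the voter from the session, keep request data out of the SQL text, let a UNIQUE key reject repeat votes) combined in one handler. This is an added example, not code from the tutorial or from either poster. It uses PDO prepared statements in place of `mysql_real_escape_string`, and the table layout, the `cast_vote` function and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
declare(strict_types=1);
// Added example: votes, item_id, value and cast_vote are assumed names, not from the tutorial.

// In the real AJAX endpoint, call session_start() first and pass $_SESSION in.
function cast_vote(PDO $db, array $session, $rawItemId, $rawValue): string
{
    // The voter's identity comes only from the server-side session,
    // never from a request parameter the client could alter.
    if (!isset($session['user_id'])) {
        return 'not_logged_in';
    }
    $itemId = filter_var($rawItemId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $value  = filter_var($rawValue, FILTER_VALIDATE_INT);
    if ($itemId === false || !in_array($value, [1, -1], true)) {
        return 'bad_input';
    }
    try {
        // Bound parameters keep request data out of the SQL text.
        $stmt = $db->prepare('INSERT INTO votes (user_id, item_id, value) VALUES (?, ?, ?)');
        $stmt->execute([(int) $session['user_id'], $itemId, $value]);
        return 'ok';
    } catch (PDOException $e) {
        // SQLSTATE 23000: the UNIQUE (user_id, item_id) constraint rejected a second vote.
        if ($e->getCode() === '23000') {
            return 'already_voted';
        }
        throw $e;
    }
}

// Constructed demo: in-memory SQLite stands in for the MySQL votes table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE votes (user_id INTEGER NOT NULL, item_id INTEGER NOT NULL,
           value INTEGER NOT NULL, UNIQUE (user_id, item_id))');

$session = ['user_id' => 7];   // constructed; stands in for $_SESSION after login
echo cast_vote($db, $session, '42', '1'), "\n";                    // first vote
echo cast_vote($db, $session, '42', '1'), "\n";                    // repeat vote, same user and item
echo cast_vote($db, $session, '42; DROP TABLE votes', '1'), "\n";  // non-integer id
echo cast_vote($db, [], '42', '1'), "\n";                          // no session
```

Because the duplicate check is enforced by the database constraint rather than a SELECT followed by an INSERT, two simultaneous requests from the same user cannot both succeed.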
