douwo1862 2016-06-10 15:02
Accepted

Hide the PHP file path and the parameters in a POST request?

I have a POST request to increase the liking number on records in the database. The PHP file and the GET parameters are shown in the POST request, so anyone who sees the page source will be able to process that externally via the PHP file. So is there a way to hide that information, and if not, what is the most secure way to hit the database without showing secure data like that?

 $.post("liking.php?id=" + rank_id + "&lik=" + lik + "&dis=" + dis, function (data) {});

1 answer

  • douzhang1364 2016-06-10 15:15

    If you are doing the POST from jQuery like that, then the variables are going to be visible to the user in the source. This is not a problem, as your security should be server side.

    In your file, liking.php, you need to add some kind of checks to prevent users from repeating likes, if that is your goal.

    If you want to limit a like to one per user then you need to log the like to a table somewhere with the userid (if they are logged in) so you can prevent double likes.

    If you are allowing non-logged-in users to submit likes, then you will want to limit them somehow, perhaps using PHP sessions to not allow another like in the same session for the same rank_id. This can be session based or time based.

    Here are a few other questions that might lead you on the path:

    How do I make sure my like button is pressed only once by user?

    How to secure/encode Javascript POST requests

    This answer was selected by the asker as the best answer.
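
One way to apply the server-side checks described in the answer above inside a liking.php-style endpoint, as an added example that is not part of the original answer or the asker's code. The function name `register_vote`, the `records` and `votes` tables, the `voted` session key and the `action` parameter are all assumptions, and the demo uses an in-memory SQLite database with constructed data.

```php
<?php
declare(strict_types=1);
// Added example. Table/column names and the 'voted' session key are assumptions.

function register_vote(PDO $db, array &$session, ?int $userId, $rawId, $rawAction): string
{
    // Validate every client-supplied value; the client can send anything.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || !in_array($rawAction, ['like', 'dislike'], true)) {
        return 'invalid';
    }
    $exists = $db->prepare('SELECT 1 FROM records WHERE id = ?');
    $exists->execute([$id]);
    if ($exists->fetchColumn() === false) {
        return 'not_found';
    }
    if ($userId === null) {
        // Anonymous visitor: one vote per record per session.
        if (isset($session['voted'][$id])) {
            return 'duplicate';
        }
        $session['voted'][$id] = true;
    } else {
        // Logged-in user: PRIMARY KEY (user_id, record_id) rejects a second vote.
        // INSERT OR IGNORE is SQLite syntax (MySQL: INSERT IGNORE).
        $ins = $db->prepare('INSERT OR IGNORE INTO votes (user_id, record_id, action) VALUES (?, ?, ?)');
        $ins->execute([$userId, $id, $rawAction]);
        if ($ins->rowCount() === 0) {
            return 'duplicate';
        }
    }
    // Column name comes from the fixed allow-list above, never from raw input.
    $col = $rawAction === 'like' ? 'likes' : 'dislikes';
    $db->prepare("UPDATE records SET $col = $col + 1 WHERE id = ?")->execute([$id]);
    return 'ok';
}

// Constructed demo: in-memory SQLite and a plain array stand in for the real
// database and $_SESSION. In liking.php the call would pass $_SESSION, the
// logged-in user id from the session, and $_POST['id'] / $_POST['action'].
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE records (id INTEGER PRIMARY KEY, likes INT DEFAULT 0, dislikes INT DEFAULT 0)');
$db->exec('CREATE TABLE votes (user_id INT, record_id INT, action TEXT, PRIMARY KEY (user_id, record_id))');
$db->exec('INSERT INTO records (id) VALUES (1)');
$session = [];
$tries = [[7, '1', 'like'], [7, '1', 'dislike'], [null, '1', 'like'], [null, '1', 'like'], [null, '1 OR 1=1', 'like']];
foreach ($tries as [$uid, $id, $act]) {
    echo json_encode([$uid, $id, $act]), ' => ', register_vote($db, $session, $uid, $id, $act), PHP_EOL;
}
```

The user id is taken from the server-side session rather than from a request parameter, so a visible endpoint and visible parameter names give the client nothing beyond one vote per record.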