I am seeking the strongest security measure for people changing the IDs in the URL for comments, blogs, inbox etc...
Any suggestions?
I am seeking the strongest security measure for people changing the IDs in the URL for comments, blogs, inbox etc...
Any suggestions?
Validating the data you get is a great idea, if you're expecting digit, make sure you get digits.
if(isset($_GET['id']) && ctype_digit($_GET['id']))
{
$id = $_GET['id'];
}else
{
$id = 0;
}
If your concern is people changing urls to see things, like requesting image 44 when you only wanted to show them image 42 you've got a few options: