I have a table, that obviously has ids for each row. When a user clicks on a table row he is taken to a different page where it shows the full data(The different page is really the same page which is unhid after the load event).
I am picking up the click event with jquery and then sending the id to jquery load and it loads in the data.
The problem is this. If the person using the page has firebug installed he can manipulate the id on the table and maybe access something he shouldn't be accessing.
So I have had to write a function that checks the id coming in can be accessed by that user.
function checkID($searchColumn,$userColumn,$tablename,$table_id,$user_id)
{
Global $db;
$query = "SELECT `{$userColumn}` FROM $tablename WHERE `{$searchColumn}`=?";
//echo $query;
$stmt = $db->prepare($query);
$stmt->bind_param('i',$table_id);
$stmt->execute();
$stmt->bind_result($myuser_id);
if($stmt->fetch())
{
if($myuser_id==$user_id):
return true;
else:
return false;
endif;
}
}
Basically the above function gives me a true or false depending on whether that id can be accessed by the user.
Is there a better way to check if data has been manipulated in firebug on server side?
Basically I want to make sure the id being sent to the server is the same id that is in the table, and not been manipulated by firebug. Even though my function works I keep thinking perhaps there is a simpler solution. What do the professionals do?