I want to update a row of data in a database using Ajax and PHP; however, I'm struggling with the following issue: the field in the database to update (henceforth the id
) is dependent on the page the ajax request is sent from.
I need to get this id
to my PHP script that Ajax calls, however:
I don't want to set the
id
in a data attribute or hidden input on the page because these can both be manipulated by a malicious user.Similarly, identifying the
id
using the referring URL is also prone to spoofing as$_SERVER
isn't secure.I can't set the
id
in a SESSION variable (or COOKIES) because the user could have multiple pages open and the SESSION would only hold the last pageid
that was opened.
The only solution I can think is to create a map of random tokens to id
's in a table in the db and pass that in a SESSION variable (as per #3 above), then check the table for the token and grab the respective id
that way. Seems somewhat convoluted though.
Are there any other options or thoughts? Thanks.