JavaScript - PHP HttpRequest安全问题[重复]

I am creating an application using JavaScript and PHP.
I post my data to a PHP file and then the PHP file insert my data into the MySQL database. All good but I have some doubts about security because my dom can be easily manipulated using the browser.

For example my code like below

var req = {
            method: 'POST',
            url: 'phpfile/send_message.php',
            headers: {
                'Content-Type': undefined
            data: {
                "UserId": UserId,
                "Message": Message,
        $http(req).then(function successCallback(response) {
                //Do Something
        }, function errorCallback(response) {
                //Do Something

anyone can put a breakpoint in this code and easily can change the UserId, therefore, the message sends to another user.

Ok, I know I can minify my Script but I think this is not enough. If someone wants to change data, he can find the code easily.

Is there any way to prevent this? Any information you can provide me would be greatly appreciated.

dprfe04886 'Content-Type':未定义<-为什么?带数据的POST请求应始终具有内容类型
大约 2 年之前 回复
dou1908 您也无需编辑代码,只需编辑请求即可。如果您的系统将用户隔离为仅与朋友交谈,那么也应该使用逻辑服务器。如果UserId来自用户那么那应该是服务器端会话,如果是用户,那么只需检查用户是否可以发送给他们。
大约 2 年之前 回复
Csdn user default icon