如何限制用户编辑URL参数
[英]How to restrict the user from editing an URL parameter
问题描述
I am using CodeIgniter. 
我正在使用CodeIgniter。 When a user edits the URL parameter, I get a database error. 当用户编辑URL参数时,出现数据库错误。
How can I solve this? 我该如何解决? In CodeIgniter, I am passing the value 32 in the URL 在CodeIgniter中,我在URL中传递值32
http://xyz.com/esebd2/user/link/link_detail/32
If the user edits this as shown below, 如果用户如下所示进行编辑,
http://xyz.com/esebd2/user/link/link_detail/323434
I get a database error. 我收到数据库错误。 What to do? 该怎么办?
function link_detail()
{
$this->common_head();
$lid = $this->uri->segment(4);
$link_data['link_detail'] = $this->linklist->get_detail_link($lid);
//above line to retrive value from database
$this->load->view('user/detaillink_view', $link_data);
$this->common_footer();
}
2 个解决方案
解决方案1
5 2011-03-03 11:21:21
You cannot prevent the user from editing the URL. 您不能阻止用户编辑URL。 You can only prevent that he/she has access to the resource if he/she is not authorized. 如果未获得授权,您只能阻止其访问资源。
And as for the error message: Any user input should be considered as untrustworthy and should always be validated before use. 至于错误消息:任何用户输入都应被认为是不可信的,并且在使用前应始终进行验证。 Even if you don't expect the regular user to change it. 即使您不希望普通用户更改它。
And if an error occurs, don't output the system's error message. 并且如果发生错误,请不要输出系统的错误消息。 These are only intended for the developer but not the the user as they can contain sensitive information. 这些仅适用于开发人员,而不适用于用户,因为它们可能包含敏感信息。
解决方案2
1 已采纳 2011-03-03 11:27:57
You don't. 你不知道 And you can't restrict values passed on POST forms on client side too. 而且,您也不能限制客户端在POST表单上传递的值。 Checks must be done server side, and have to be able to deal with all possible values. 检查必须在服务器端进行,并且必须能够处理所有可能的值。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.