[英]How to prevent a user from leaving comment to another user
Suppose I have a site where users can leave each other comments. 假设我有一个用户可以在其中发表评论的网站。
we have user A, user B and user C. also, support user B has blocked user C. 我们有用户A,用户B和用户C。此外,支持用户B已阻止用户C。
user A leaves user B a comment, code is as follows: 用户A给用户B留下评论,代码如下:
$query = "insert into comments (author_id, profile_id, comment, date_posted) values(?, ?, ?, now())";
That is the query that that does the job. 那就是完成任务的查询。 now user C goes to user B's page to leave a comment, but user B has blocked him from leaving comments.
现在,用户C转到用户B的页面发表评论,但用户B阻止了他发表评论。
Can't user C just leave a comment for another user, and just craft the request so he changes profile_id of to the user that has him blocked? 用户C不能只是为另一个用户发表评论,并只是提出请求,以便他将profile_id更改为被阻止的用户吗?
How can i prevent this? 我该如何预防呢?
I think you need to make another query and a conditional with that result. 我认为您需要对该结果进行另一个查询和一个条件查询。 Create a query to get user B's blacklist
$blacklist
then check if (!in_array('user C', $blacklist)) { execute insert query }
创建一个查询以获取用户B的黑名单
$blacklist
然后检查if (!in_array('user C', $blacklist)) { execute insert query }
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.