bn2vs
05-20-2008, 11:15 AM
Hey,
I'm having problems securing a PHP function that updates some data in a MySQL db. The PHP page gets an id and some other info from the URL, and is normally called upon by an XMLHttpRequest. Everyone who has a close look at the page source can figure out what the URL is, and how the arguments are built up in the URL, and give custom commands to my db.
I've tried to work with defining variables and using sessions, which both prevent someone from accessing it successfully, but that also blocks the commands I'm trying to give via the XHR.
How can I solve this?
Cheers,
BN