|
|
Posted by David Haynes on 11/19/83 11:45
MaXX wrote:
> Hi,
> I hope I'm not OT.
>
> I have the following issue:
> I want to delete a record from my db with a php script. Let's say I'm auth'd
> and I want to delete the record id 440. With a simple form (get or post), I
> send the id to my script and delete the record (DELETE FROM table WHERE
> id=some_validated_input).
>
> The problem is if I'm a nasty guy I just write my own form and delete any
> record I want (since I'm auth'd) by just sending another id.
>
> Is there any way to make arbitrary record deletion non-trivial in php? I'm
> thinking about a hash function to replace the real db id (DELETE FROM table
> WHERE record_hash=validated_form_hash), if possible without adding an
> awfull lot of server side computation.
>
> How do you guys deal with that kind of situation?
>
> Thanks,
Along with the other suggestions:
Make deleted an attribute (column) of the table and then access the data
via a view that filters deleted items. If a record is deleted by
accident, it can still be re-created by changing the deleted attribute.
Some other process may come along and remove the deleted rows at some
regulated time (e.g. after a backup, after so many days, etc.)
-david-
Navigation:
[Reply to this message]
|