Posted by Richard Lynch on 10/04/78 11:08

darren kirby wrote:
> On the main page of my website I have written a very simple comments
> feature
> that allows people to leave a message under my posts, much like a blog. I
> have purposely kept this very simple...
>
> On the main page I have simple text links that someone can click on if
> they
> want to leave a note. Clicking the link passes a variable $postid (a
> simple
> int) to the backend script, which tells the database which 'blog entry'
> the
> comment is attached to.
>
> The problem is that after playing around with this a bit, it is clear that
> someone can craft a url with an arbitrary $postid that is not in the
> database
> yet. Now naively, it would seem that the worst someone could do is just
> create arbitrary entries in the DB that may come back to bite me when I
> actually _use_ the arbitrary postid down the road.
>
> What I want to do is make sure that someone cannot create a post with a
> $postid value greater than the largest $postid I have used so far.

That's not quite what you want.

Suppose you've used 10 posts, but you deleted a blog entry of your own at
some point. (EG: You came home drunk from a party and wrote something
REALLY stupid)

You want to be sure comments on that post are not added as well.

> Now, I thought about using a quick sql query to get the largest postid
> from
> the DB and check that, but this will not work because of my own bad DB
> design
> (I'm really just a hobbyist here...) in that if there are no comments
> attached to a blog entry, then the postid for that entry is _not_ in the
> DB
> until I get one.

But you *DO* have a blog entry in the blog table -- Check *THAT* to see if
the postid is valid.

$query = "select count(*) from blog_table where blog_id = $postid";
$valid = mysql_query($query);
$valid = mysql_result($valid, 0, 0);
if (!$valid){
echo "You can't comment on a blog entry I haven't written yet!";
}

--
Like Music?
http://l-i-e.com/artists.htm

[Back to original message]