Posted by ST on 02/01/08 16:15

On Jan 28, 5:56 pm, ZeldorBlat <zeldorb...@gmail.com> wrote:
> On Jan 28, 10:12 am, Harris Kosmidhs <hkosm...@remove.me.softnet.tuc.gr> wrote:
> > Though I program in php for some years, I started thinking a lot about
> > the security in my php scripts.
>
> > When I add/insert/delete to a form I usually have a hidden input box
> > with the (auto-increment id) of the record I want to update. So when I
> > UPDATE I put where id=intval($id).
> > This is quite a security risk but these forms are administration forms,
> > assuming that the administrator won't edit hidden values and mess with
> > its data.
>
> > But what happens if this is a public form? How can you avoid having the
> > id in a hidden (and easily changed) form field? What techniques do
> > exist? I have some in mind as a workaround (like putting id in $_SESSION)
> > but I would like to hear other opinions.
>
> > Thanks
>
> You know what someone is allowed to do and what they aren't. So just
> check it when processing the form. Something like:
>
> if(isset($_POST['submit'])) { //they submitted the form
>     $id = $_GET['id']; //the id of the record they're trying to delete
>
>     if(!user_is_allowed_to_delete($_SESSION['uid'], $id)) {
>         //they're trying to delete something that they aren't supposed to
>     }
>     else {
>         //they can delete this
>     }
> }
>
> What you decide to put into user_is_allowed_to_delete is up to you.

Howzabout using a basic crypt function (with a key embedded in the php
script) to encrypt the ID of the record for display as a hidden field.

When the form is submitted, decrypt the hidden field using the same
key and hey-presto your record ID is known.

I'm sure there are other variants or ways to do it that may be more (or
less!) secure. Presumably this is not bulletproof (as nothing is)
however it may be sufficient for your task.

addiakogiannis has posted a function on http://uk3.php.net/crypt that
would do the job.
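As an added example, not code from anyone in this thread: the per-record authorization check ZeldorBlat describes, written against an in-memory SQLite table with constructed rows. The table and column names (records, id, owner_id), the pdo_sqlite extension and the hidden field being named id are assumptions.

```php
<?php
// Added example: check that the record named in the hidden field belongs to
// the logged-in user before acting on it. Schema names are assumptions.

function user_is_allowed_to_delete(PDO $db, int $uid, int $id): bool
{
    // The rule is data-driven: the row must exist and be owned by this user.
    $stmt = $db->prepare('SELECT 1 FROM records WHERE id = ? AND owner_id = ?');
    $stmt->execute([$id, $uid]);
    return $stmt->fetchColumn() !== false;
}

function handle_delete(PDO $db, array $post, array $session): string
{
    if (!isset($post['submit'])) {
        return 'no form submitted';
    }
    if (!isset($session['uid'])) {
        return 'not logged in';
    }
    // The hidden field is untrusted input: accept only a well-formed integer.
    $id = filter_var($post['id'] ?? '', FILTER_VALIDATE_INT);
    if ($id === false) {
        return 'invalid id';
    }
    $uid = (int) $session['uid'];
    if (!user_is_allowed_to_delete($db, $uid, $id)) {
        return 'forbidden';   // wrong owner, or no such record
    }
    // Repeat the ownership condition in the DELETE so the check and the
    // action cannot drift apart.
    $stmt = $db->prepare('DELETE FROM records WHERE id = ? AND owner_id = ?');
    $stmt->execute([$id, $uid]);
    return $stmt->rowCount() === 1 ? 'deleted' : 'not found';
}

// Self-contained demo with constructed data (assumes pdo_sqlite is available).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE records (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL, body TEXT)');
$db->exec("INSERT INTO records (id, owner_id, body) VALUES (1, 10, 'alice'), (2, 20, 'bob')");

$session = ['uid' => 10];
// User 10 submits the hidden id of user 20's record: refused.
echo handle_delete($db, ['submit' => '1', 'id' => '2'], $session), "\n";
// User 10 submits their own record id: deleted.
echo handle_delete($db, ['submit' => '1', 'id' => '1'], $session), "\n";
// Tampered hidden field that is not an integer: rejected before any query.
echo handle_delete($db, ['submit' => '1', 'id' => 'abc'], $session), "\n";
```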
