jquery - Ajax - security breach? - PHP -


I built a system in PHP. I have a page named x.php; in that page I create a variable named $accountid, the account ID from the session.

Other variables in PHP on the same page call functions in another page called functions.php and pass it the account ID; the function returns the account's info (for example, the name of the user).

Is this a security breach?

I mean, can a user call the function via Ajax with another account ID and get the info of another account?

Here is a code example:

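    <?php
    // x.php
    include "includs/config.php";

    // Redirect visitors without a session and stop executing the page.
    if (!isset($_SESSION[get("session_name")])) {
        header("Location: index.php");
        exit;
    }

    // The account id is looked up from the server-side session.
    $accountid = getaccountid($_SESSION[get("session_name")]);
    $e = getecategorys($accountid);
    ?>

    <?php
    // functions.php
    function gete($accountid){
        // Returns the rows of whichever account id the caller passes in.
        $query = mysql_query("SELECT * FROM `x` WHERE `accountid` = $accountid");
        while ($result = mysql_fetch_assoc($query)) {
            // info account..
        }
    }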

Yes, right. A user can get information by passing an accountid to the function. Solution: you can check the session variable against the passed accountid. You can put in a condition: if the session variable (accountid) matches the accountid passed to the function, retrieve the data; otherwise give an error.

A second solution is to achieve the same thing on a class basis, by setting a private member variable for the accountid.

Hope this helps.
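Both fixes from the answer above in one place, as an added example that is not part of the original post: the account id is bound once from the session into a private member, and any id arriving with a request is compared against it. The names AccountScope, assertOwns() and categories(), the 'accountid' session key, the `name` column and the in-memory SQLite data are assumptions made for illustration (PHP 8, PDO with the SQLite driver).

```php
<?php
declare(strict_types=1);

// Added example; all class, method and key names here are hypothetical.
final class AccountScope
{
    private int $accountId; // set once from the session, never from request input

    public function __construct(private PDO $db, array $session)
    {
        if (!isset($session['accountid'])) {
            throw new RuntimeException('not logged in');
        }
        $this->accountId = (int) $session['accountid'];
    }

    // First fix: reject a passed id that differs from the session's id.
    public function assertOwns(int $requestedId): void
    {
        if ($requestedId !== $this->accountId) {
            throw new RuntimeException('forbidden');
        }
    }

    // Second fix: the query takes no id argument, so a caller cannot choose one.
    public function categories(): array
    {
        $stmt = $this->db->prepare('SELECT name FROM x WHERE accountid = :id');
        $stmt->execute([':id' => $this->accountId]);
        return $stmt->fetchAll(PDO::FETCH_COLUMN);
    }
}

// Constructed sample data: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE x (accountid INTEGER, name TEXT)');
$db->exec("INSERT INTO x VALUES (1, 'alice-books'), (2, 'bob-music')");

$session = ['accountid' => 1];   // constructed: what the server stored at login
$request = ['accountid' => '2']; // constructed: id sent with an Ajax request

$scope = new AccountScope($db, $session);
print_r($scope->categories());   // query is scoped to the session's account

try {
    $scope->assertOwns((int) $request['accountid']);
} catch (RuntimeException $e) {
    echo 'request rejected: ', $e->getMessage(), PHP_EOL;
}
```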

