Jaynesh Posted July 9, 2011 Share Posted July 9, 2011 Hello I've setup a friends script. When Billy adds John as friend. The information is entered into a friend_request(my_id, friend_id) When John has accepted the friend request. it is added to another table called friend_approved(my_id, friend_id) using this query: $user = $_SESSION["valid_id"]; $friendid = $_GET["id"]; "INSERT INTO dbFriends (user_id, friend_id) VALUES ($user, $friendid)"; as you can see from the code anybody could manipulate the GET header in the url, to add any id they want. How do I make it so it can only add entries that are in the friend_request table and matches the users session id? Link to comment https://forums.phpfreaks.com/topic/241490-friend-request-verification/ Share on other sites More sharing options...
gizmola Posted July 9, 2011 Share Posted July 9, 2011 Why have 2 tables, rather than adding a status to friend_request? Link to comment https://forums.phpfreaks.com/topic/241490-friend-request-verification/#findComment-1240482 Share on other sites More sharing options...
Jaynesh Posted July 9, 2011 Author Share Posted July 9, 2011 i love you Link to comment https://forums.phpfreaks.com/topic/241490-friend-request-verification/#findComment-1240509 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.