Jaynesh Posted July 9, 2011 Share Posted July 9, 2011 Hello I've setup a friends script. When Billy adds John as friend. The information is entered into a friend_request(my_id, friend_id) When John has accepted the friend request. it is added to another table called friend_approved(my_id, friend_id) using this query: $user = $_SESSION["valid_id"]; $friendid = $_GET["id"]; "INSERT INTO dbFriends (user_id, friend_id) VALUES ($user, $friendid)"; as you can see from the code anybody could manipulate the GET header in the url, to add any id they want. How do I make it so it can only add entries that are in the friend_request table and matches the users session id? Quote Link to comment Share on other sites More sharing options...
gizmola Posted July 9, 2011 Share Posted July 9, 2011 Why have 2 tables, rather than adding a status to friend_request? Quote Link to comment Share on other sites More sharing options...
Jaynesh Posted July 9, 2011 Author Share Posted July 9, 2011 i love you Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.