how to prevent user to changing/deleting other user data
I am creating multiuser application. created using php codeigniter And I am seeking the best practice or the best way to prevent user to changing/deleting other user data.
I have some relational tables.
- tbl_users (user_id, user_name, password)
- tbl_stores (store_id, user_id, store_name, store_url)
- tbs_products (product_id, store_id, product_name)
Each user have its own store, and each store may have many products.
So, what is the best ways, to prevent user from deleting other user data?
I actually, have create some code in the model, but since i am kind of newbie, i am not sure, if this is the right way, my code is like this.
function remove_product($product_id)
{
$this->db->from('products as p');
$this->db->join('stores as s', 's.id = p.store_id');
$this->db->where('p.id', $product_id);
$this->db->where('s.user_id', $this->session->userdata('id'));
if($this->db->count_all_results())
{
$this->db->where('id', $product_id);
return $this->db->delete($th开发者_如何学JAVAis->table);
}
}
Please advise if this approach is correct or not, or if there is better way to do this.
Regards
Before deleting something check if the owner of that is the same as the session user.
精彩评论