Blog Code Help

[RoboticPro]

Hello my name is Brian and I'm new to this forum.
I'm from the Netherlands and this is my first thread.
So be gentle with me

I'm working on a blog code to improve my coding.
The following things are done:
Add posts
View posts by user
View all posts
View posts in detail

Now i'm trying to make a edit/delete page.
I can't get the delete page to be secure enough
so i was wondering how you guys do it.

Greetings Brian

 

[nafirici]

What do you mean exactly when you say "not secure enough"?

Are you sanitizing your data to prevent sql injections? If you give users the ability to delete, I would flag it to be deleted using a tinyint field and stop showing it, but force an admin to actually remove the database record with an admin delete function.

 

[RoboticPro]

I mean it's not secure when i use an url to delete the post like function=delete&id=1

 

[nafirici]

you can look up the users that have access to delete the post, posting user and admin users for example. Then, if the user has access to delete, then delete, otherwise throw an error.

 

[StrongDesigns]

Create a login system with php using sessions, then check the session to ensure that the user is actually logged in.

Or if you have a static ip, you can check against that IP since that can be faked easily.