Last updated
3 years ago.
Solution
Here's some of the work around I can think of.
- Validation check before updating database. (Ownership, Permission, etc)
- If you have to use hidden field, at least encrypt ID.
- Avoid using ID with predictive symbols such as 1, 2, 3, ... n, a01, a02, a03, etc.
- Use session to store the current editing record from server side instead of relying on client side.
- Security token
Last updated
10 years ago.
I have ended up going for storing the ID in the session but will certainly have a look at the other options.
Thought about use MySQL UUID() function.
Thanks
Sign in to participate in this thread!
