Users Can Change Html Code To Delete What They Want
Solution 1:
If I'm understanding your question correctly, you need to verify that the user has permission to delete the image before you actually delete the image. This must be done on the server side, using whatever authentication you are currently using.
Never, never, NEVER rely on the accuracy of user input to perform actions like this. ALWAYS recheck to make sure the user has permission to do something like this before doing it.
Solution 2:
You can't control what HTTP requests come into your server.
You have to perform some kind of authentication and authorization process.
Identify who the request is coming from (e.g. with a login system) then check they are authorized to delete whatever it is they are trying to delete (e.g. check that the user id in the "owned_by" column matches the user id of the authenticated user).
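The check both answers describe, as an added example that is not part of either answer: the image id arrives from the client and may have been edited in the HTML, so the server ties the delete to the authenticated user through the "owned_by" column. The `images` table, its `path` column, the function names and the status codes are assumptions for illustration; `session_user_id` is assumed to come from the server-side login session, never from the request body.

```python
import sqlite3


def make_db():
    # Constructed sample data: user 100 and user 200 each own one image.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE images ("
        "id INTEGER PRIMARY KEY, owned_by INTEGER NOT NULL, path TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO images (id, owned_by, path) VALUES (?, ?, ?)",
        [(1, 100, "alice.png"), (2, 200, "bob.png")],
    )
    conn.commit()
    return conn


def delete_image(conn, session_user_id, requested_image_id):
    """Handle a delete request; returns an HTTP-style status code.

    session_user_id    -- identity established by the server's login system
    requested_image_id -- untrusted value taken from the submitted form/URL
    """
    if session_user_id is None:
        return 401  # no authenticated user, nothing is deleted
    try:
        image_id = int(requested_image_id)
    except (TypeError, ValueError):
        return 400  # malformed id
    # The ownership test is part of the DELETE itself, so the check and the
    # action cannot drift apart, and the id is bound as a parameter.
    cur = conn.execute(
        "DELETE FROM images WHERE id = ? AND owned_by = ?",
        (image_id, session_user_id),
    )
    conn.commit()
    if cur.rowcount == 1:
        return 204  # deleted the caller's own image
    # Missing image and someone else's image get the same answer, so the
    # endpoint does not reveal which ids exist.
    return 404


if __name__ == "__main__":
    db = make_db()
    print(delete_image(db, 100, "2"))  # id changed in the HTML to user 200's image
    print(delete_image(db, 100, "1"))  # the user's own image
```
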