safest way to let users with no login to delete mysql entry

so heres the problem,i have an if() statement that determines whether a user has visited my site before, if they have then they have an option for removing their record from the database. Problem is, i cant see any safe way to do this. They are public users. Im just confused, id have to do it with ajax im …

via PHP Website Development » Search Results » ajax:

safest way to let users with no login to delete mysql entry

so heres the problem,
i have an if() statement that determines whether a user has visited my site before, if they have then they have an option for removing their record from the database. Problem is, i cant see any safe way to do this. They are public users.
Im just confused, id have to do it with ajax im guessing?!?
………………………….

When a user visits your site, store a cookie on their computer containing a large random number, preferably encrypted and a smaller id number. When storing the record in your database, include that same large random number, again preferably encrypted (both while in your database and in transit) and the id number.
When a user wants to delete their record, they need only submit the id number and the large random number (preferably encrypted) that are stored on their computer, along with a flag indicating that they want to delete the record. (Of course they should not be doing this manually, you will need to write code that handles the dirty work.) Then, your server will look at the record with the specified id number, check if the large random number matches the one stored, and if so delete the record.

For more info: safest way to let users with no login to delete mysql entry

PHP Website Development » Search Results » ajax

safest way to let users with no login to delete mysql entry

Share this post:

Related Posts

Leave a Comment