Restricting available url parameters


Post by tomhousley » Tue Apr 27, 2010 1:18 am

Hello,

Say I have a table consisting of companies called tbl_companies:

Code:
com_id
com_companyname
com_description
com_status

I can access these by the URL parameters, e.g. example.com/index.php?-table=tbl_profiles&com_id=2

Is there a way to restrict people from using the other fields, such as: example.com/index.php?-table=tbl_profiles&com_companyname=foo

I don't necessarily want to restrict them from viewing the company name, just want to restrict their ability to apply their own URL parameters.

Many thanks, Tom

Re: Restricting available url parameters

Post by PolderBoy » Wed Apr 28, 2010 1:03 am

Hello Tom,

Yes, you could use the function:

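Code:
function init(&$table)
{
    // Request carries a com_companyname filter for tbl_profiles
    if ( isset($_REQUEST['com_companyname']) and @$_REQUEST['-table'] == 'tbl_profiles' )
    {
        // Re-assign -table in both superglobals (same value as before)
        $_REQUEST['-table'] = $_GET['-table'] = 'tbl_profiles';
    }
}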


You would place this function in 'tbl_profiles.php' and in the class 'tables_tbl_profiles'.
This is not tested code, so there could be some errors in it.
But you get the drift, I hope.

PolderBoy

Re: Restricting available url parameters

Post by shannah » Tue May 04, 2010 8:58 am

I think PolderBoy is on the right track. If you place this code in the init() method, it will be called once when that particular table is loaded. However, this is a bit touchy because you still want some users (like the admin) to be able to use these parameters.

Why do you want to restrict users from searching on these parameters? There may be a better approach to achieve your security goals, but I'd need to know more about the goal in order to comment.

-Steve
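
Added example, not part of the thread and not Xataface's own code: the restriction asked about above, written as an allowlist of accepted parameters instead of a check for one unwanted field, with the admin exemption raised in the last reply. The function name, the two policy constants and the `$isAdmin` flag are assumptions, and where to call it (it has to run before the framework reads the request) is left to the application.

```php
<?php
// Added illustration: allowlist filter for Xataface-style query strings.
// restrict_params() and both constants are hypothetical names, not Xataface API.

// Field filters each table accepts from ordinary users (constructed policy).
const ALLOWED_FILTERS = ['tbl_profiles' => ['com_id']];
// Directives (keys starting with "-") ordinary users may send (assumed set).
const ALLOWED_DIRECTIVES = ['-table', '-action'];

/**
 * Return a copy of $params holding only explicitly allowed keys.
 * Tables without a policy entry get no field filters at all (default deny).
 */
function restrict_params(array $params, bool $isAdmin): array
{
    if ($isAdmin) {
        return $params;                 // admins keep the full search syntax
    }
    $table  = $params['-table'] ?? '';
    // "-table[]=x" arrives as an array; treat it as an unknown table.
    $fields = is_string($table) ? (ALLOWED_FILTERS[$table] ?? []) : [];

    $clean = [];
    foreach ($params as $key => $value) {
        $key = (string) $key;           // numeric keys arrive as integers
        $allowed = strncmp($key, '-', 1) === 0
            ? in_array($key, ALLOWED_DIRECTIVES, true)
            : in_array($key, $fields, true);
        // Drop array values such as com_id[]=1 so only plain strings pass.
        if ($allowed && is_string($value)) {
            $clean[$key] = $value;
        }
    }
    return $clean;
}

// Constructed sample requests, parsed the same way PHP fills $_GET.
$samples = [
    '-table=tbl_profiles&com_id=2',
    '-table=tbl_profiles&com_companyname=foo',
    '-table=tbl_profiles&com_id=2&com_status=1&-sort=com_companyname',
];
foreach ($samples as $qs) {
    parse_str($qs, $params);
    $kept = http_build_query(restrict_params($params, false));
    printf("%-64s => %s\n", $qs, $kept);
}
```

Filtering parameters only limits how records can be searched; what a user is allowed to read still has to be enforced by the application's permissions.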

