I'm confused about the ajax process (view, update, etc.) I am fetching user data with use data-attributes. For example;
I have a user list table and I've put action buttons (edit, delete) on this table. If I click to edit button, I open a modal box and write data to forms input with ajax requests.
$(document).on('click', '#editAction', function(z){
z.preventDefault();
var id = $(this).attr('data-id');
$.ajax({
type: 'post',
URL: 'edituser',
data: {id: id},
success: function(response) {
if(response) {
$('#editmodal').modal('show');
$('#username').val(response.user_name);
$('#email').val(response.user_email);
}
}
});
});
So far everything is normal. I can change the data-id attribute value via the developer tools. When I click after changing the value, fetches data with the new ids. For me, it's not safe because some data is not visible to some users but by changing this value users can see all data and can handle all processes.
is there any way to make this safe?
332
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
