
Suppose I have a site where users can leave each other comments.

We have user A, user B and user C. Also, suppose user B has blocked user C.

User A leaves user B a comment; the code is as follows:

$query = "insert into comments (author_id, profile_id, comment, date_posted) values(?, ?, ?, now())";

That is the query that does the job. Now user C goes to user B's page to leave a comment, but user B has blocked him from leaving comments.

Can't user C just leave a comment for another user, and just craft the request so he changes profile_id to that of the user that has him blocked?

How can I prevent this?

sqram

1 Answer


I think you need to make another query and a conditional with that result. Create a query to get user B's blacklist `$blacklist`, then check `if (!in_array('user C', $blacklist)) { execute insert query }`.

Jack
`Create a query to get user B's blacklist $blacklist then check if (!in_array('user C', $blacklist))` --- why not do that in a single query? – zerkms Apr 19 '12 at 22:16
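
The single-query check raised in the comment above, as an added example that is not part of the original thread: the insert only happens when the profile owner has not blocked the author. The `blocks` table, the `postComment` helper, the numeric user ids and the in-memory SQLite database are assumptions made so the example runs offline.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for the site's database so this runs offline.
// Assumed: the `blocks` table and its columns; `comments` follows the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author_id INTEGER,
           profile_id INTEGER, comment TEXT, date_posted TEXT)');
$db->exec('CREATE TABLE blocks (blocker_id INTEGER, blocked_id INTEGER,
           PRIMARY KEY (blocker_id, blocked_id))');
$db->exec('INSERT INTO blocks VALUES (2, 3)'); // constructed: B (id 2) blocked C (id 3)

/**
 * Hypothetical helper: writes the comment only if the profile owner has not
 * blocked the author. Returns true when a row was inserted.
 */
function postComment(PDO $db, int $authorId, int $profileId, string $text): bool
{
    // Block check and insert are one statement, so no gap exists between them.
    // On MySQL use now() as in the question and put FROM DUAL before WHERE.
    $stmt = $db->prepare(
        'INSERT INTO comments (author_id, profile_id, comment, date_posted)
         SELECT :author, :profile, :comment, CURRENT_TIMESTAMP
         WHERE NOT EXISTS (SELECT 1 FROM blocks
                           WHERE blocker_id = :owner AND blocked_id = :sender)'
    );
    $stmt->bindValue(':author', $authorId, PDO::PARAM_INT);
    $stmt->bindValue(':profile', $profileId, PDO::PARAM_INT);
    $stmt->bindValue(':comment', $text, PDO::PARAM_STR);
    $stmt->bindValue(':owner', $profileId, PDO::PARAM_INT);
    $stmt->bindValue(':sender', $authorId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

// author_id comes from the logged-in session (e.g. $_SESSION['user_id'], assumed),
// never from the request; only profile_id and the text are user-supplied.
foreach ([[1, 'user A'], [3, 'user C']] as [$sessionUserId, $name]) {
    $ok = postComment($db, $sessionUserId, 2, "hello from $name");
    echo $name, ' -> user B: ', $ok ? 'inserted' : 'rejected (blocked)', PHP_EOL;
}
echo 'rows in comments: ', $db->query('SELECT COUNT(*) FROM comments')->fetchColumn(), PHP_EOL;
```

Because the check runs on the server against whatever `profile_id` arrives, editing that field in the request only changes whose block list is consulted.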