Answer the question
In order to leave comments, you need to log in
S
S
Space2015-07-08 11:06:40
Space, 2015-07-08 11:06:40
How to transfer a token to the VK API?
I send the request to VK in this way:
public function api($method, $params = []) {
return $this->_vk->api($method, $params);
}Where should I pass the token here, because execute does not work without a token at all.
1 answer(s)
@be_a_dancer
S
Sergey Popov, 2018-11-03 @be_a_dancer
1) Store access levels in cookies - voluntarily expose your site to hacking - store them in a database and always check.
2) Use prepared queries in PDO - this code is susceptible to SQL injection.
3) Throw out the first condition - the method must return an error in any case, except for the situation when the person's ID matches the post author's ID.
4) The mysql extension has long been deprecated. Use PDO or mysqli.
$userId = $_COOKIE['id'];
$postId = $_POST['delId'];
$status = $_COOKIE['status'];
$query = mysql_query("SELECT * FROM posts WHERE post_id=" . $postId . " AND author_id=" . $userId);
$rowsCount = mysql_num_rows($query);
if (!$rowsCount == 0 || $status == 1) {
$deleteQuery = mysql_query("DELETE FROM posts WHERE post_id=" . $postId);
} else {
print ("error");
}
Similar questions
G
A
A
P
K
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question