Restrict Edit/Delete to Logged-in Users (PHP Authorization)

📌 Why Authorization Matters

Without proper authorization,
👉 anyone who knows (or guesses) a record id can edit or delete any user's data, not just their own.

This is a critical security issue: the check has to happen on the server, on every edit and delete request.

1️⃣ Save user_id when uploading

In upload.php:

session_start();
// Reject requests with no logged-in user (login is assumed to set $_SESSION['user_id'])
if (!isset($_SESSION['user_id'])) { die("Login required."); }
$user_id = $_SESSION['user_id'];
// $title and $image_url come from the validated upload form
$stmt = $conn->prepare("INSERT INTO gallery (title, image_url, user_id) VALUES (?, ?, ?)");
$stmt->bind_param("ssi", $title, $image_url, $user_id);
$stmt->execute();

2️⃣ Check ownership before delete

In delete.php:

session_start();

// Reject anonymous requests before touching the database
if (!isset($_SESSION['user_id'])) {
    die("Login required.");
}

$user_id = $_SESSION['user_id'];
$id = (int) $_GET['id']; // ids are integers; never pass raw input further

$stmt = $conn->prepare("SELECT user_id FROM gallery WHERE id=?");
$stmt->bind_param("i", $id);
$stmt->execute();

$result = $stmt->get_result();
$row = $result->fetch_assoc();

// A missing row must fail the same way as someone else's row
if (!$row || $row['user_id'] != $user_id) {
    die("Unauthorized access.");
}

👉 Only the owner can delete; every other request (wrong user, no session, unknown id) stops here.

3️⃣ Check ownership before update

In update.php:

session_start();

if (!isset($_SESSION['user_id'])) {
    die("Login required.");
}

$user_id = $_SESSION['user_id'];
$id = (int) $_GET['id']; // the id of the row being updated

$stmt = $conn->prepare("SELECT user_id FROM gallery WHERE id=?");
$stmt->bind_param("i", $id);
$stmt->execute();

$row = $stmt->get_result()->fetch_assoc();

// Fail closed on a missing row as well as on a foreign one
if (!$row || $row['user_id'] != $user_id) {
    die("Unauthorized.");
}

4️⃣ Hide buttons in UI (optional)

In gallery.php:

<?php if (isset($_SESSION['user_id']) && $row['user_id'] == $_SESSION['user_id']): ?>
<a href="edit.php?id=<?= (int) $row['id'] ?>">Edit</a>
<a href="delete.php?id=<?= (int) $row['id'] ?>">Delete</a>
<?php endif; ?>

👉 Improves UX, but hiding the links is not a security control on its own: anyone can still request delete.php?id=... directly, so the server-side checks in steps 2 and 3 must stay.
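As an added example (not the tutorial's own code), the two server-side checks above can be collapsed into a single statement that carries the owner condition in its WHERE clause, so there is no window between "check" and "act" and a missing row fails exactly like a foreign one. It assumes a mysqli connection in $conn, a login that sets $_SESSION['user_id'], and the gallery(id, title, image_url, user_id) table from this tutorial.

```php
<?php
// Added example, not part of the original tutorial.
// Assumptions: $conn is a mysqli connection, login stores $_SESSION['user_id'],
// and the table is gallery(id, title, image_url, user_id).

function requireLogin(): int
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!isset($_SESSION['user_id'])) {
        http_response_code(401);
        exit('Login required.');
    }
    return (int) $_SESSION['user_id'];
}

// Deletes the row only if it belongs to $userId. Returns true when exactly one
// row was removed, false when the row does not exist or belongs to someone else.
function deleteOwnedImage(mysqli $conn, int $id, int $userId): bool
{
    $stmt = $conn->prepare("DELETE FROM gallery WHERE id = ? AND user_id = ?");
    $stmt->bind_param("ii", $id, $userId);
    $stmt->execute();
    return $stmt->affected_rows === 1;
}

// Same pattern for update: the owner condition lives inside the UPDATE itself.
// Caveat: mysqli reports *changed* rows by default, so re-saving an identical
// title yields 0; connect with MYSQLI_CLIENT_FOUND_ROWS to count *matched* rows.
function updateOwnedTitle(mysqli $conn, int $id, int $userId, string $title): bool
{
    $stmt = $conn->prepare("UPDATE gallery SET title = ? WHERE id = ? AND user_id = ?");
    $stmt->bind_param("sii", $title, $id, $userId);
    $stmt->execute();
    return $stmt->affected_rows === 1;
}

// delete.php then reduces to: authenticate, validate the id, act-with-check.
$userId = requireLogin();
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($id === false || $id === null || !deleteOwnedImage($conn, $id, $userId)) {
    http_response_code(403); // one answer for "not yours" and "does not exist"
    exit('Unauthorized.');
}
```

The same response for a foreign row and an unknown row keeps the endpoint from confirming which ids exist.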