Not passing an element ID through the Laravel URL

Viewed 677 times

0

This is my route:

Route::get('empresas/deletar/{notice}', 'EmpresaController@deletar');

This is the action of the button: [image]

This is my function in the Controller: [image]


If I pass this URL directly in the browser:

localhost:8000/empresas/deletar/1

it deletes the record directly. Is there a way to send the ID of a particular record other than the way I'm using with the button, one that is hidden from the user's view so he doesn't know which ID he is passing to the back-end? I am working with a system where several clients can register several companies, and this way one client can delete another client's company, one that is not related to him at all.

  • Never post images of code; it seems to help but does not (https://pt.meta.stackoverflow.com/questions/5149/devemos-corta-a-mania-das-questions-com-imagem-do-c%C3%B3digo-ao-Inv%C3%A9s-do-c%C3%B3digo/5159#5159). Apart from that, you will always have to send the id (or another unique identifier) in some way. The problem is not in the request itself, nor in how it is done (it could be a POST instead of a GET, but that would not avoid this scenario). The best thing you can do is check whether the company was registered by the user who is trying to delete it: if yes, you can delete it; if not, do not delete it.

  • You can do this with ajax via POST so that the link is "hidden" from the user, but to ensure that the user does not delete other companies, you must check whether the company belongs to him before performing the delete...

1 answer

0

I made a slightly different, simple example of how one can delete a given record from a table.

In the Controller I did:

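<?php

namespace App\Http\Controllers;

use App\Empresa;
use Illuminate\Http\Request;

class EmpresaController extends Controller
{
    private $empresa;

    public function __construct(Empresa $empresa)
    {
        $this->empresa = $empresa;
    }

    // List every company in the table.
    public function index()
    {
        $empresas = $this->empresa->all();
        return view('welcome', compact("empresas"));
    }

    // Delete the company with the given id, then show the list again.
    // The record is looked up by id alone; there is no check of which user registered it.
    public function deletar($id)
    {
        // findOrFail() answers 404 for an unknown id instead of calling delete() on null.
        $empresaDeletar = $this->empresa->findOrFail($id);
        $empresaDeletar->delete();

        $empresas = $this->empresa->all();
        return view('welcome', compact("empresas"));
    }
}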

In the web.php file I made:

<?php

Route::get('/', 'EmpresaController@index');
Route::get('/empresa/{id}/deletar', 'EmpresaController@deletar')->name('empresa.deletar');

Finally, I made an example in a view. I did it just to illustrate, but the ideal would be to have a table in the view.

<h1>Deletanto empresas</h1>

@foreach($empresas as $empresa)
    <p> {{$empresa->nome}} " - "
    Ação <a href="{{route('empresa.deletar',$empresa->id)}}">Deletar</a>
    </p>
@endforeach
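
The ownership check recommended in the comments on the question, as an added example that is not part of the original answer or the asker's code. It assumes the `empresas` table has a `user_id` column holding the id of the user who registered the company, and that Laravel's standard `auth` middleware is set up; the DELETE route and form shown in the trailing comments are likewise assumptions.

```php
<?php
// Added example (not the answer's code). Assumes empresas.user_id stores the
// id of the user who registered the company.

namespace App\Http\Controllers;

use App\Empresa;
use Illuminate\Http\Request;

class EmpresaController extends Controller
{
    public function __construct()
    {
        // Only authenticated users reach any action of this controller.
        $this->middleware('auth');
    }

    public function index(Request $request)
    {
        // List only the companies registered by the current user.
        $empresas = Empresa::where('user_id', $request->user()->id)->get();
        return view('welcome', compact('empresas'));
    }

    public function deletar(Request $request, $id)
    {
        // Scope the lookup to the owner. An id that belongs to another client
        // is treated exactly like a missing one (404), so the id in the URL
        // can stay visible without letting one client touch another's data.
        $empresa = Empresa::where('id', $id)
            ->where('user_id', $request->user()->id)
            ->firstOrFail();

        $empresa->delete();

        return redirect('/');
    }
}

// routes/web.php (assumed): a state-changing action should not be a GET link.
// Route::delete('/empresa/{id}/deletar', 'EmpresaController@deletar')
//     ->name('empresa.deletar');
//
// View (assumed): a form with a CSRF token replaces the <a> tag.
// <form method="POST" action="{{ route('empresa.deletar', $empresa->id) }}">
//     @csrf @method('DELETE')
//     <button type="submit">Deletar</button>
// </form>
```

The server-side `user_id` condition is what enforces the boundary between clients; the DELETE verb and CSRF token only keep the action from being triggered by a plain link.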
