You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
constSELLER_ID=`SELECT id FROM devpop_users WHERE devpop_users.name = ($1)`;
Rather than using a user-submitted name (which anyone can guess/fake), you should use the sid from the cookie to look up the seller_id from the sessions table. That way users can only ever submit as themselves, and you can guarantee there will always be a valid user
The text was updated successfully, but these errors were encountered:
week3-auth-team2/database/model.js
Line 26 in 8ba8bde
Rather than using a user-submitted name (which anyone can guess/fake), you should use the
sidfrom the cookie to look up the seller_id from the sessions table. That way users can only ever submit as themselves, and you can guarantee there will always be a valid userThe text was updated successfully, but these errors were encountered: