I am wondering what is the right way of doing this.
I have an admin panel, and a page to edit the user profile of others and update them.
Currently the url is in the form
Where 3 is the userid.
Obviously, while updating, user_id will be the only thing that will remain constant, as the admin can change any other data, and I also need the user_id to check if the email is unique and ignore just the current user_id's existence.
I am POSTing user_id as a hidden field. I am sure this is subject to SQL injection, or can crash the app or cause data issues if the user messes with the hidden field.
What is the right way of doing this?
Note: I am not trying to edit my own user page. I am the admin, and I am trying to edit others' profiles.
P.S.: Struggling to find a field to compare and verify that I am updating the right user.
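One defender-side shape for this, added here as an example and not code from the original post: the target id comes from the URL path rather than a hidden field, it is validated before use, the admin check is made server-side, and both the uniqueness check and the update are parameterised queries. The in-memory sqlite3 table, its columns and the is_admin flag are assumptions constructed for the example.

```python
import sqlite3

# Constructed in-memory schema for the example (assumption: a simple
# users table with an is_admin flag, not the asker's real schema).
def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE,"
               " name TEXT, is_admin INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", [
        (1, "admin@example.com", "Admin", 1),
        (3, "bob@example.com", "Bob", 0),
        (4, "carol@example.com", "Carol", 0),
    ])
    return db

def parse_user_id(raw: str) -> int:
    # The id is taken from the URL path (e.g. the "3"), not a hidden form
    # field; it is still untrusted input, so accept only a positive integer.
    if not raw.isdigit():
        raise ValueError("user id must be a positive integer")
    return int(raw)

def email_taken_by_other(db, email: str, user_id: int) -> bool:
    # Uniqueness check that ignores the row currently being edited.
    row = db.execute("SELECT 1 FROM users WHERE email = ? AND id <> ?",
                     (email, user_id)).fetchone()
    return row is not None

def admin_update_user(db, actor_id: int, raw_user_id: str,
                      email: str, name: str) -> str:
    # Authorisation is decided from the acting user's own session/row on the
    # server, never from anything the submitted form claims.
    actor = db.execute("SELECT is_admin FROM users WHERE id = ?",
                       (actor_id,)).fetchone()
    if actor is None or actor[0] != 1:
        return "forbidden"
    user_id = parse_user_id(raw_user_id)
    if email_taken_by_other(db, email, user_id):
        return "email_in_use"
    # Parameterised UPDATE keyed on the id; rowcount confirms the target row
    # existed, which is the "am I updating the right user" check.
    cur = db.execute("UPDATE users SET email = ?, name = ? WHERE id = ?",
                     (email, name, user_id))
    if cur.rowcount != 1:
        return "not_found"
    db.commit()
    return "ok"
```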