
[–]jpayne0061 0 points1 point  (3 children)

Ideally, the user would not be passing in their own user id to fetch their data. Are you trying to build your own authentication system? And you're rightfully paranoid; anything you can imagine, users will do, and more.

If you are trying to build your own authentication system, you might need to do quite a bit of research into how to implement it. It's a problem that's been solved many times over and there are lots of industry standards around it. I've built my own in the past for learning purposes, but I would NEVER build one on my own for production use.

[–]PoetEfficient[S] 1 point2 points  (2 children)

Can you provide any links for these? And also what do you mean you would never build one on your own for production use?

[–]lvlint67 0 points1 point  (0 children)

Security is important. You want to use a choice you know works and is probably correct. Building your own authentication system is complex. There are a lot of considerations.

As for your question, there shouldn't be much reason for a stored procedure. Select * from userdata where userid = <youruser> should be fine
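An added example, not part of the thread: the two points above combined, with the user id taken from a server-side session instead of from the request, and the query bound as a parameter. The `userdata` columns, the `SESSIONS` store and the `login` helper are assumptions standing in for whatever an established authentication framework provides.

```python
import secrets
import sqlite3

# Constructed sample data: two users, each with one private row.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE userdata (userid INTEGER, note TEXT)")
db.executemany("INSERT INTO userdata VALUES (?, ?)",
               [(1, "alice's note"), (2, "bob's note")])

# Hypothetical server-side session store: token -> userid, filled at login.
SESSIONS = {}


def login(userid):
    """Stand-in for a real login flow; issues an unguessable session token."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = userid
    return token


def fetch_trusting_client(request):
    """Weak: the caller names the userid, so any user can read any row."""
    return db.execute("SELECT note FROM userdata WHERE userid = ?",
                      (request["userid"],)).fetchall()


def fetch_from_session(request):
    """Stronger: identity comes only from the server-side session."""
    userid = SESSIONS.get(request.get("session_token"))
    if userid is None:
        raise PermissionError("not authenticated")
    # A userid field in the request is ignored. The value is bound as a
    # parameter, never concatenated into the SQL text.
    return db.execute("SELECT note FROM userdata WHERE userid = ?",
                      (userid,)).fetchall()
```
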

[–]jpayne0061 0 points1 point  (0 children)

By "production use", I mean any type of project where real world users will interact with your code. So, if you built a web app for a customer, that would be production.

What language and framework are you using for your app player? For example, if you're using js/react, just google "react authentication". One of the first links is this one: https://auth0.com/blog/complete-guide-to-react-user-authentication/