1👍
✅
You are already doing the correct thing, which is to check the user’s credentials in your view function before saving.
There is no way to stop malicious users from posting any data to any url they choose to… you have to ensure that your views which receive post data only perform legal actions.
Source:stackexchange.com