I am sorry I wrote everything in a hurry and I've not been clear enough. I have 4 tables:
Now let's say one employer is logged in, its UserID will be stored in the session (like $_SESSION['uid']).
Now if the employer want to see the employees that applied to a job he/she posted, will be able to see this by changing the jobID that will be passed as parameter.
If the employer change the parameter the select query that take the data from JobsEmployees will run with undesirable results, as we do not check the EmployerID that posted the job (Jobs.EmployerID). As result any Employer logged in will be able to see all jobs applicants for a job (even if the job posted do not belong to them) by changing the parameter in the URL (jobID).
I was thinking that I may prevent this in several ways and not sure what it will be the best practice:
To make a join between the JobsEmployees and Jobs and check the EmployerID against the session ID.
To add another field to the JobsEmployees table to record the EmployerID so the select query will account the EmployerID.
Or to make a new query that will check the EmployerID against the session ID, than moving to the query that select data from JobsEmployees.