August 18th, 2009, 03:08 AM
Steve777

Imar and OP, thank you very much - that's very helpful. I do indeed have a session variable set for the logged-in user, so I assume the right approach is to simply use the basic autonumbered identity (1,2,3...) in the query string, and before returning the data from the database check that the record it matches also matches the id of the logged-in user. Is this correct?

Also, out of interest, Imar, you mention true, long IDs are the things I will have seen sometimes in a URL. Is this not exactly the method I was suggesting? Why are those IDs something other than what you describe as obscured simple IDs? And why could they not be passed around by people in the way that OP describes? I would be grateful if you would educate me on the differences in these things. Thanks.
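The ownership check described in the post above, as an added example that is not part of the original thread. The `records` table, its `owner_id` column, the `user_id` session key and the status codes are assumptions made for illustration; the sample rows are constructed.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE records ("
        " id INTEGER PRIMARY KEY AUTOINCREMENT,"
        " owner_id INTEGER NOT NULL,"
        " body TEXT NOT NULL)"
    )
    db.executemany(
        "INSERT INTO records (owner_id, body) VALUES (?, ?)",
        [(10, "alice's order"), (20, "bob's order")],  # ids 1 and 2
    )
    return db


def get_record(db, session, raw_id):
    """Return (status, body) for the id taken from the query string.

    `session` is a dict standing in for server-side session state
    (hypothetical key: "user_id").
    """
    user_id = session.get("user_id")
    if user_id is None:
        return 401, None  # nobody is logged in

    # The query-string value is untrusted text: accept only an integer.
    try:
        record_id = int(raw_id)
    except (TypeError, ValueError):
        return 400, None

    # The owner comes from the session, never from the request, and is
    # part of the WHERE clause, so a foreign row is never even loaded.
    row = db.execute(
        "SELECT body FROM records WHERE id = ? AND owner_id = ?",
        (record_id, user_id),
    ).fetchone()

    # Same answer for "does not exist" and "belongs to someone else",
    # so guessing sequential ids does not reveal which ids are in use.
    if row is None:
        return 404, None
    return 200, row[0]
```
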