p2p.wrox.com Forums

Need to download code?

View our list of code downloads.


  Return to Index  

beginning_php thread: Limit users to see only one record


Message #1 by aodor@c... on Thu, 5 Sep 2002 23:26:07
Is it possible to limit the users of a database to see and edit only one 
record?
I'm building an intranet directory and I want teh users to be able to see 
all records, but to modify only their own record.

I'm using PHP and MySQL (most recent stable releases under Win2000, IIS)

Alberto Odor, MD
Mexico City
Message #2 by "Nikolai Devereaux" <yomama@u...> on Thu, 5 Sep 2002 15:29:41 -0700
Yes.. what your asking is basically how to implement permissions or
capabilities checking in your application.

A simple approach would be to only generate the edit link for the user who's
user id matches the id of the row in the directory database.

Typically, I like to store most user information like that in session vars.

if($current_user_id == $row['user_id'])
{
   // display edit link.
}


Make sure you check the user id's on the receiving end of the form as well,
since you don't want anyone to spoof the edit link and edit other people's
information.


take care,

nik


  Return to Index