I use dreamweaver and I have constructed a master-detail page set in php.
When someone hits a link on master page, then it goes to the appropriate detail page.
But the url of the detail page in browser, dislpay the id of the page.
So, if someone wants to see something I do not, all he has to do is change the id number on address bar of browser.

I am searching a way to avoid this.

Also, this could help in case someone finds a url page of the site on google, that no longer exists in site because of an old and deleted record.

I have a very similar problem in asp some time ago: http://p2p.wrox.com/post.asp?method=...32&FORUM_ID=55


I tried the 'show region if recordset is not empty' server behavior of Dreamweaver but it has not given solution to the problem. It does not seem to work. But even if it worked, it would help in the google situation I described above.
The url hacking could be (and still remains) possible.


So here are examples:

Index page(master page): http://localhost/index.php
Detail page: http://localhost/detail.php?recordID=1200

My database also has records with id's like 1201, 1202 that I decide not to have visible in master page, although they exist in mysql database. But, the visitor can change the record id varable to 1201, and simply see something I did not wanted to see.

How can I prevent someone doing this?
My records also have date field so I think it would help to tell the code not to display id if date is in the future. Only display current date's records and these of the past.

I am waiting your valuable response. I can post the part of code also.

Thanks in advance