Wrox Programmer Forums

Need to download code?

View our list of code downloads.

| FAQ | Members List | Search | Today's Posts | Mark Forums Read
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Dreamweaver (all versions) section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old December 1st, 2003, 07:25 AM
Registered User
 
Join Date: Dec 2003
Location: Reading, Berkshire, United Kingdom.
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default Passing URL data

Hi,
I worked my way through the Dreamweaver MX: PHP & MySQL development book and everything seems to work fine. I have since produced a catalog using a similar technique of passing the ID field via the URL and using this to select records on the next page.

The problem I have here is, it is possible to alter the URL to a different record number and view it. I want to prevent this because I only want the user to be able to view / update their own record.

Any ideas on how best to accomplish this ?

Thanks
Brian

Reply With Quote
  #2 (permalink)  
Old December 1st, 2003, 07:37 AM
Imar's Avatar
Wrox Author
Points: 72,073, Level: 100
Points: 72,073, Level: 100 Points: 72,073, Level: 100 Points: 72,073, Level: 100
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,089
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

Hi Brian,

You can't really prevent that; users will be able to pass in anything they want in the URL and you can't stop them.

What you'll need to do is run a check at the beginning of the page and see if the current user has sufficient rights to view the requested page. You could create a method that passes the UserID and the requested Item ID to a database that then determines whether they can view it or bot. If not, redirect them away from the page, and show the item if they do have enough rights.

Cheers,

Imar


---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
Reply With Quote
  #3 (permalink)  
Old December 1st, 2003, 08:22 AM
Registered User
 
Join Date: Dec 2003
Location: Reading, Berkshire, United Kingdom.
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi Imar,

Thank you very much for your help. Much appreciated.

Best regards
Brian

Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Passing parameter in URl alamoudi ASP.NET 1.x and 2.0 Application Design 0 May 2nd, 2007 02:10 AM
Passing parameters in URL british4 Crystal Reports 1 June 27th, 2005 02:55 AM
Passing URL in a Querystring hugh@kmcnetwork.com Javascript How-To 3 July 8th, 2004 04:59 PM
Passing a URL to fopen() dadio PHP How-To 4 April 6th, 2004 06:58 PM
passing a variable through URL katie456 Classic ASP Databases 2 January 20th, 2004 11:27 PM



All times are GMT -4. The time now is 10:03 PM.


Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.