Hi,
I worked my way through the Dreamweaver MX: PHP & MySQL development book and everything seems to work fine. I have since produced a catalog using a similar technique of passing the ID field via the URL and using this to select records on the next page.

The problem I have here is, it is possible to alter the URL to a different record number and view it. I want to prevent this because I only want the user to be able to view / update their own record.

Any ideas on how best to accomplish this ?

Thanks
Brian

Hi Brian,

You can't really prevent that; users will be able to pass in anything they want in the URL and you can't stop them.

What you'll need to do is run a check at the beginning of the page and see if the current user has sufficient rights to view the requested page. You could create a method that passes the UserID and the requested Item ID to a database that then determines whether they can view it or bot. If not, redirect them away from the page, and show the item if they do have enough rights.

Cheers,

Imar


---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.

Hi Imar,

Thank you very much for your help. Much appreciated.

Best regards
Brian