> >
> > There is no protection against url variables. I know.
> >
> > --Ali
> >
You can easily fix this issue by also requiring a Unique UserID to
be passed. Your messages table should already have this UserID
to allow you to get only that users messages. Your query should
require both of these to retrieve messages.
-Chris
========================================================================
This list server is Powered by iMS
'The Swiss Army Knife of Mail Servers'
--------------------------------------
To leave this list please complete the form at
http://www.CoolFusion.com/iMS.htm
List archives: http://www.mail-archive.com/infusion-email%40eoscape.com/
========================================================================
