Use $AUTH_USER for the username, and you shouldn't need to pass the
password.  Just do a query:

INSERT INTO tablename (field1,field2,field3) values('','','') where username
= $AUTH_USER


________________________________________________
 Ryan Marrs
 Web Developer
 Sandler and Travis Trade Advisory Services, Inc.
 248.474.7200 x 183
 http://www.strtrade.com
 
 

-----Original Message-----
From: Jack [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, November 28, 2001 11:37 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [PHP-DB] php and mysql security problem

Dear all

I had a security problem with my homepage. I'm using the IIS 4 to host my
webpage, and i got the php to run as the script of the webpage and the
database i'm using for the database is mysql.
Here is my question :
There is a table in mysql which will let user to input some records to, then
the user will update and retreive the records.
But what i to do is limit the user update to the record which the user
should be.
I mean when user1 had insert a record into table, and he found out that
there is some update need to do for the record he just inset, so he update
that record. but i don't want other people can update his record.

Is there also possible for php to grab the username and password from the
window base which logged on to a Domain and pass it to MYSQL!!

Thx
Jack
[EMAIL PROTECTED]



-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to