Use $AUTH_USER for the username, and you shouldn't need to pass the
password. Just do a query:
INSERT INTO tablename (field1,field2,field3) values('','','') where username
= $AUTH_USER
________________________________________________
Ryan Marrs
Web Developer
Sandler and Travis Trade Advisory Services, Inc.
248.474.7200 x 183
http://www.strtrade.com
-----Original Message-----
From: Jack [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 28, 2001 11:37 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [PHP-DB] php and mysql security problem
Dear all
I had a security problem with my homepage. I'm using the IIS 4 to host my
webpage, and i got the php to run as the script of the webpage and the
database i'm using for the database is mysql.
Here is my question :
There is a table in mysql which will let user to input some records to, then
the user will update and retreive the records.
But what i to do is limit the user update to the record which the user
should be.
I mean when user1 had insert a record into table, and he found out that
there is some update need to do for the record he just inset, so he update
that record. but i don't want other people can update his record.
Is there also possible for php to grab the username and password from the
window base which logged on to a Domain and pass it to MYSQL!!
Thx
Jack
[EMAIL PROTECTED]
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
