Use $AUTH_USER for the username, and you shouldn't need to pass the password. Just do a query:
INSERT INTO tablename (field1,field2,field3) values('','','') where username = $AUTH_USER ________________________________________________ Ryan Marrs Web Developer Sandler and Travis Trade Advisory Services, Inc. 248.474.7200 x 183 http://www.strtrade.com -----Original Message----- From: Jack [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 28, 2001 11:37 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [PHP-DB] php and mysql security problem Dear all I had a security problem with my homepage. I'm using the IIS 4 to host my webpage, and i got the php to run as the script of the webpage and the database i'm using for the database is mysql. Here is my question : There is a table in mysql which will let user to input some records to, then the user will update and retreive the records. But what i to do is limit the user update to the record which the user should be. I mean when user1 had insert a record into table, and he found out that there is some update need to do for the record he just inset, so he update that record. but i don't want other people can update his record. Is there also possible for php to grab the username and password from the window base which logged on to a Domain and pass it to MYSQL!! Thx Jack [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]