Sounds about right...I would use the session variable for the user name so that is not even present...but that is the result that you want...

Bastien


From: Stuart Felenstein <[EMAIL PROTECTED]>
To: Bastien Koert <[EMAIL PROTECTED]>, [EMAIL PROTECTED], [EMAIL PROTECTED]
CC: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [PHP-DB] Passing URL parameters, how to hide
Date: Tue, 21 Sep 2004 08:17:43 -0700 (PDT)


So what I did was this statement: SELECT * FROM  Table
WHERE RecordID = blue and UserID = red
blue is the variable for the recordID
red is the variable for the userID

So now when I change either of those variables in URL
no record is returned.

Did I finally get this right ?

Stuart



--- Bastien Koert <[EMAIL PROTECTED]> wrote:

> >When I
> > > request "update.php?recordID=2", you should be
> doing
> > > something like "SELECT
> > > * FROM Record_Table WHERE recordID = 2 AND
> userID =
> > > 3", ...............


_________________________________________________________________
Take advantage of powerful junk e-mail filters built on patented Microsoft® SmartScreen Technology. http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU=http://hotmail.com/enca&HL=Market_MSNIS_Taglines Start enjoying all the benefits of MSN® Premium right now and get the first two months FREE*.


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Reply via email to