Nope, can't get to any other record. One would have to match both userid and recordID to get a hit. Perhaps now I should put this into a form and send it via hidden fields , for another layer of protection.
Stuart --- John Holmes <[EMAIL PROTECTED]> wrote: > From: "Stuart Felenstein" <[EMAIL PROTECTED]> > > > So what I did was this statement: SELECT * FROM > Table > > WHERE RecordID = blue and UserID = red > > blue is the variable for the recordID > > red is the variable for the userID > > > > So now when I change either of those variables in > URL > > no record is returned. > > > > Did I finally get this right ? > > You tell us; can you get to any other record? Sounds > like you're heading in > the right direction, though... > > ---John Holmes... > > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php