Hi list I've got a concern for a user add/edit form. Right now when the user is logged in, I put its id in the session. Then when the user edits his details I put the id in the form and when it comes back I verify if the id matches the one in the session. Is it possible for someone who does not have access to the server to edit arbitary accounts? With kind regards Andy -- Now listening to Top! Radio Live www.topradio.be/stream on amaroK Geek code: www.vlaamse-kern.com/geek Registered Linux User No 379093 If life was for sale, what would be its price? www.vlaamse-kern.com/sas/ for free php utilities --
Attachment:
pgpOJ0zaK4YP9.pgp
Description: PGP signature
