Re: Passing URL parameters, how to hide

From: "Stuart Felenstein" <stuart4m@xxxxxxxxx>
For whatever reason I can not use session only here.
It does not return the correct record from the table.

Don't say that you cannot use sessions, just say that you haven't figured out how to correctly use them, yet.


Maybe that doesn't make any sense.  In the listing of
records where the user would click to go update, there
is a repeat region SQL statement that shows all
records from table under session ID.

What do you mean by "session ID" here? What is that?

e.g.
Record_Table

recordID   userID     info1name     info1details
  1         3         somename        sos
  2         4         somename        sos
  3         3         somename        sos
  4         4         somename        sos
  5         3         somename        sos
  6         5         somename        sos

Okay, so explain this table structure to us. If I log in as UserID #3, does that mean I have access to records 1, 3 and 5?


How do you remember that I'm UserID #3 as I go throughout the site? When I request "update.php?recordID=2", you should be doing something like "SELECT * FROM Record_Table WHERE recordID = 2 AND userID = 3", which will not return any rows. So now you can say "Record does not exist or you do not have access to it". Do the same thing when you UPDATE the record "UPDATE Record_Table SET info='$info' WHERE recordID=2 AND userID=3". That update will not update anything if the userID doesn't match and you can show an appropriate message (there's usually an "affected_rows()" function for your database that's useful here).

You still need to validate "recordID" to ensure it's an integer before you put it in your query and ensure users can't change their own userID, but hopefully you're getting the idea, now...

---John Holmes...

(FYI: Please trim your posts)

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
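
The ownership check described in the reply above, as an added example that is not part of the original post. It assumes PDO with an in-memory SQLite copy of Record_Table; the helper names are hypothetical, and `info1details` is used as the updated column.

```php
<?php
declare(strict_types=1);

// Constructed sample data mirroring the thread's Record_Table (in-memory SQLite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Record_Table (recordID INTEGER PRIMARY KEY, userID INTEGER,
           info1name TEXT, info1details TEXT)');
$db->exec("INSERT INTO Record_Table (recordID, userID, info1name, info1details) VALUES
           (1,3,'somename','sos'), (2,4,'somename','sos'), (3,3,'somename','sos')");

// Hypothetical helper: accept recordID only if it is a positive integer.
function parseRecordId($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hypothetical helper: return the row only if it belongs to $userId.
function fetchOwnedRecord(PDO $db, int $userId, int $recordId): ?array
{
    $st = $db->prepare('SELECT * FROM Record_Table WHERE recordID = ? AND userID = ?');
    $st->execute([$recordId, $userId]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hypothetical helper: the UPDATE touches a row only when the owner matches.
function updateOwnedRecord(PDO $db, int $userId, int $recordId, string $details): bool
{
    $st = $db->prepare('UPDATE Record_Table SET info1details = ? WHERE recordID = ? AND userID = ?');
    $st->execute([$details, $recordId, $userId]);
    return $st->rowCount() === 1;
}

// In update.php the user ID comes from the server-side session set at login
// (e.g. $_SESSION['userID']), never from the URL or a form field.
$userId = 3; // stands in for $_SESSION['userID']

foreach (['1', '2', '3abc', 'abc'] as $raw) { // stands in for $_GET['recordID']
    $recordId = parseRecordId($raw);
    if ($recordId === null || fetchOwnedRecord($db, $userId, $recordId) === null) {
        echo "recordID=$raw: Record does not exist or you do not have access to it\n";
        continue;
    }
    $ok = updateOwnedRecord($db, $userId, $recordId, 'new details');
    echo "recordID=$raw: " . ($ok ? 'updated' : 'not updated') . "\n";
}
```

On MySQL, `rowCount()` counts changed rows by default, so an UPDATE that writes identical values reports 0; the ownership-checked SELECT before it is what separates "no access" from "nothing changed".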