Re: Passing URL parameters, how to hide

--- John Holmes <holmes072000@xxxxxxxxxxx> wrote:

> From: "Stuart Felenstein" <stuart4m@xxxxxxxxx>
> > For whatever reason I can not use session only
> here.
> > It does not return the correct record from the
> table.
> 
> Don't say that you cannot use sessions, just say
> that you haven't figured 
> out how to correctly use them, yet.

Okay, I can admit that much ;)



> > Maybe that doesn't make any sense.  In the listing
> of
> > records where the user would click to go update,
> there
> > is a repeat region SQL statement that shows all
> > records from table under session ID.
> 
> What do you mean by "session ID" here? What is that?

 I *think* what would be commonly referred to as
session variables.  Consisting of Username, UserID
(the original id assigned to user with registration),
and access level.

> 
> > e.g.
> > Record_Table
> >
> > recordID   userID     info1name     info1details
> >   1         3         somename        sos
> >   2         4         somename        sos
> >   3         3         somename        sos
> >   4         4         somename        sos
> >   5         3         somename        sos
> >   6         5         somename        sos
> 
> Okay, so explain this table structure to us. If I
> log in as UserID #3, does 
> that mean I have access to records 1, 3 and 5?

Correct


> How do you remember that I'm UserID #3 as I go
> throughout the site? 

By using both the UserID and AccessLevel.  Pages are
marked with a "restrict access" to a certain level or
type.  Generally the pages that are restricted now are
form pages.  So there is also a grabbing of the
session variable, in this case the userid.


> When I 
> request "update.php?recordID=2", you should be doing
> something like "SELECT 
> * FROM Record_Table WHERE recordID = 2 AND userID =
> 3", which will not 
> return any rows. 

Okay, that makes sense; I will try that.  Though I'd
imagine the SQL will need to be different since I
could be dealing with hundreds, thousands, etc. of
records.


Stuart

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
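
The ownership check John Holmes describes above, as an added example that is not part of the original thread. It assumes PHP 7.1+ with PDO and the sqlite driver (in-memory, so it runs offline); the helper name fetchOwnedRecord(), the column types and the session key named in the comments are hypothetical.

```php
<?php
// Added example: scope every record lookup to the logged-in user.
// Assumptions: PDO sqlite driver; fetchOwnedRecord() and the column
// types are hypothetical, not taken from the poster's application.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Record_Table (
    recordID INTEGER PRIMARY KEY, userID INTEGER NOT NULL,
    info1name TEXT, info1details TEXT)');

// Constructed sample rows matching the table shown in the thread.
$ins = $pdo->prepare('INSERT INTO Record_Table VALUES (?, ?, ?, ?)');
foreach ([[1, 3], [2, 4], [3, 3], [4, 4], [5, 3], [6, 5]] as [$rid, $uid]) {
    $ins->execute([$rid, $uid, 'somename', 'sos']);
}

/**
 * Return the record only if it belongs to $userID, otherwise null.
 * $recordID comes from the URL (untrusted); $userID comes from the session.
 */
function fetchOwnedRecord(PDO $pdo, $recordID, int $userID): ?array
{
    // Reject anything that is not a positive integer before touching SQL.
    $rid = filter_var($recordID, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1]]);
    if ($rid === false) {
        return null;
    }
    // Both values are bound, and the userID condition enforces ownership.
    $st = $pdo->prepare(
        'SELECT * FROM Record_Table WHERE recordID = :rid AND userID = :uid');
    $st->execute([':rid' => $rid, ':uid' => $userID]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// In update.php these would be the session's user id (hypothetical key
// $_SESSION['UserID']) and $_GET['recordID'].
$sessionUserID = 3;
foreach (['1', '2', '5', 'abc'] as $requested) {
    $row = fetchOwnedRecord($pdo, $requested, $sessionUserID);
    printf("recordID=%-4s -> %s\n", $requested, $row ? 'shown' : 'not found');
}
```

The same prepared statement serves any number of records because the ids are bound at execution time; the UPDATE that saves the form needs the same userID condition in its WHERE clause.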

