if i understand it right, you dont want other users to edit the other users posts?
OK, i do it with 2 things. first, the userID of the logged in User. store it in a session. its easy with security assist.
then, to make sure no one can change the postID create a hush, so i call it.
so you got a recordset of all the posts a user posted.
so, normaly you link: ......showpost.php?postID=8
but then it doesent work with dataassist, cause there is only one where possible.
so you need 2 parameters.
so, you got the postID and the userID this will create the SEC
in the showpost.php page, just check if the posted SEC is the SHA1 of the posted postID and the in session stored userID.
if so, you can use the postID.
And use that in Dataassist.
I hope you understand what I want to say ;-)