I don't think you need any more tables or inserts... just the correct SQL statement to verify admin access.
Thank you Ray. I do have an (unenviable) issue with over-thinking things, as I'm sure you're used to by now!
So on the Insert/Update page I create a recordset that pulls all of the authorised users out of the domain/user link table....how do I then compare the userID in session (created by MySQli Login User) with the results of that recordset? I understand how to do this when there's only one row in the recordset...
<?php if ($rsAUTHUSERS->getColumnVal("userID") == $_SESSION['userID']) { ?>
<display the Insert/Update form>
<?php } ?>
...what if there are multiple results?
You mention that this can be achieved in a SQL statement so maybe there's not even a need to have this if code on the page, rather it would just display a "you are not authorised" message if recordset is empty?
Appreciate the help, thank you.
NJ
EDIT: Thinking this through...I don't need to join the banner table at all, do I? I just need to check that the session userID created by MySQLi Login User is listed in the domain/user link table. Like so...
<?php
$rsISAUTH = new WA_MySQLi_RS("rsISAUTH",$csdbmysqli,1);
$rsISAUTH->setQuery("SELECT linkuserdomID, domainID, userID FROM linkuserdom WHERE domainID = ? AND userID = ?");
$rsISAUTH->bindParam("i", "".(isset($_POST['dID'])?$_POST['dID']:"") ."", "-1"); //colname
$rsISAUTH->bindParam("i", "".(isset($_SESSION['userID'])?$_SESSION['userID']:"") ."", "-1"); //colname1
$rsISAUTH->execute();
?>
I can then show/hide content based on whether or not that recordset if empty, right?