yes, i understand this.
to work around the issue modify the recordsets so that they use the ID session instead of the id querystring.
if you modify the recordsets to use the session instead of the querysting for filtering the data that is displayed, then users cannot modify other users records.