Update form path visible to all users
This is probably a htacess issue, but not sure exactly how to manage it.
Membership site, used Security Assist to create login in and access to a member only folder. Within that folder are pages to be viewed once logged in. All good so far. But also within that folder is a DataAssist updater form so members can change their address, phone, etc. All good so far. BUT, when a user is logged in, and if web savvy, can read the path and their member ID in the browser URL bar, ie, membership_Update.php?mem_ID=13
so if they replace 13 with 22, they would be able to update another member's information.
Did I miss a step in Security Assist? Is there an additional step needed to secure this area?
Thanks for help...