Showing id in url is a risk for me and my members
Hi,
I have used the SA wizard to create user login accounts.
I've also used the DA wizard to build a members log where logged in members can create, post and edit logs.
Returning members log in and are redirected to a dashboard which is populated with only their logs and account details.
Each log shown has its own edit button so the member can select it and the id is passed to the update.php where they can edit and save.
And so my problem...
Unfortunately, members could change the record id in the URL and potentially access other members' logs, thus: ../update.php?id=1 or 2 or 3 or 3 etc., and edit the detail.
How can I prevent members from doing this?
Advice welcome.
Thanks, Paul.
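
Added example, not part of the original post and not code generated by the wizards it mentions: a server-side ownership check for the `update.php?id=N` pattern described above, so that an id changed in the URL matches no row for the logged-in member. The `logs` table, its `member_id` column, the `$_SESSION['member_id']` key and both function names are assumptions, and the sample rows are constructed.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database so the example runs offline.
// Assumed schema: each log row stores the id of the member who owns it.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE logs (id INTEGER PRIMARY KEY, member_id INTEGER NOT NULL, body TEXT)');
$pdo->exec("INSERT INTO logs (id, member_id, body) VALUES (1, 10, 'log A'), (2, 20, 'log B')");

/** Validate the id taken from the URL; returns a positive int or null. */
function parseId($rawId): ?int
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Load a log only if it belongs to the logged-in member; null otherwise. */
function loadOwnLog(PDO $pdo, int $memberId, $rawId): ?array
{
    $id = parseId($rawId);
    if ($id === null) {
        return null;
    }
    // The owner is part of the WHERE clause, so a foreign id matches no row.
    $stmt = $pdo->prepare('SELECT id, body FROM logs WHERE id = :id AND member_id = :member');
    $stmt->execute([':id' => $id, ':member' => $memberId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Save an edit; the same owner condition applies again on the write. */
function updateOwnLog(PDO $pdo, int $memberId, $rawId, string $body): bool
{
    $id = parseId($rawId);
    if ($id === null) {
        return false;
    }
    $stmt = $pdo->prepare('UPDATE logs SET body = :body WHERE id = :id AND member_id = :member');
    $stmt->execute([':body' => $body, ':id' => $id, ':member' => $memberId]);
    return $stmt->rowCount() === 1;
}

// In update.php the member id comes from the session set at login, never from the URL:
// $memberId = (int) $_SESSION['member_id'];   (assumed session key)
$memberId = 10; // constructed: member 10 is logged in

var_dump(loadOwnLog($pdo, $memberId, '1') !== null);       // member 10's own log
var_dump(loadOwnLog($pdo, $memberId, '2') !== null);       // member 20's log, id changed in the URL
var_dump(updateOwnLog($pdo, $memberId, '2', 'tampered'));  // write to member 20's log
```

When `loadOwnLog()` returns null, the page should answer with a 404 or 403 instead of rendering the edit form. The check has to run on both the form display and the save request, since the save can be submitted directly without ever loading the form.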