
Technical Support Forums

Free, outstanding support from WebAssist and your colleagues


Alternative to URL Parameter?

Thread began 7/13/2012 8:59 am by iainmacdonald331081 | Last modified 7/13/2012 9:54 am by iainmacdonald331081 | 2719 views | 2 replies |

iainmacdonald331081

Alternative to URL Parameter?

I'm working on a project that has registration / login for site owners / admin and also trade users. It's all working fine with the registration / login / password reminder / update profile etc.

The site also includes pages listing details of lodge properties, which are initially created by the site owners using a database. I am now adding pages that will allow the owners of the lodges (trade users) to edit some of the details when they are logged in.

I have this all working, using the SecurityAssist_UserID session variable to list Lodges where the UserID field matches that Session variable, and a URL parameter to view the Update page.

So a standard link:

<a href="../updateLodge/index.php?LodgeID=<?php echo(rawurlencode($row_SecurityAssisttradeusers['LodgeID'])); ?>"><?php echo $row_SecurityAssisttradeusers['Lodge']; ?></a>

To:

$query_WADAlodges = sprintf("SELECT * FROM lodges WHERE LodgeID = %s", GetSQLValueString($colname_WADAlodges, "int"));

Type thing.

Which does all work, but I realised that a different lodge's details could obviously still be viewed there just by changing the ID at the end of the URL.

So my question is whether or not there's an alternative method using Sessions (which I always seem to have a mental block with) that would prevent that from being possible?

I've attached a couple of pages for reference.

Thanks again.

Attached Files
webassist.zip

Jason ByrnesWebAssist

Add another condition to the where clause:

AND UserID = paramUserID

Variable
Name: paramUserID
Type: int
Default value: -1
Run Time Value: $_SESSION['SecurityAssist_UserID']


That way, if they change the URL parameter, it won't show the record unless it is theirs.

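The ownership condition from the reply above, shown next to the original lookup. This is an added example, not code from the thread or from WebAssist: it assumes PDO with an in-memory SQLite database instead of the thread's MySQL recordset, a `lodges` table with only `LodgeID`, `UserID` and `Lodge` columns, and hypothetical helper names. It also applies the same condition to the UPDATE, since the save step takes the same `LodgeID` from the request.

```php
<?php
// Constructed sample data in an in-memory SQLite database (assumption; the thread uses MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE lodges (LodgeID INTEGER PRIMARY KEY, UserID INTEGER, Lodge TEXT)');
$db->exec("INSERT INTO lodges VALUES (1, 10, 'Pine Lodge'), (2, 20, 'Lake Lodge')");

// Stand-ins for the logged-in session and the request (constructed values).
$_SESSION = ['SecurityAssist_UserID' => 10];
$_GET = ['LodgeID' => '2']; // user 10 has changed the ID in the URL to user 20's lodge

// Same default as in the reply: with no session value, -1 matches no row.
$userId  = isset($_SESSION['SecurityAssist_UserID']) ? (int) $_SESSION['SecurityAssist_UserID'] : -1;
$lodgeId = isset($_GET['LodgeID']) ? (int) $_GET['LodgeID'] : -1;

// Original lookup: filters on the URL parameter only, so any logged-in user can read any lodge.
function findLodgeUnscoped(PDO $db, int $lodgeId)
{
    $st = $db->prepare('SELECT * FROM lodges WHERE LodgeID = ?');
    $st->execute([$lodgeId]);
    return $st->fetch(PDO::FETCH_ASSOC); // row array, or false when nothing matches
}

// Lookup with the extra condition: the row must also belong to the session user.
function findLodgeForOwner(PDO $db, int $lodgeId, int $userId)
{
    $st = $db->prepare('SELECT * FROM lodges WHERE LodgeID = ? AND UserID = ?');
    $st->execute([$lodgeId, $userId]);
    return $st->fetch(PDO::FETCH_ASSOC);
}

// The UPDATE carries the same condition, so a forged LodgeID changes zero rows.
function renameLodgeForOwner(PDO $db, int $lodgeId, int $userId, string $name): bool
{
    $st = $db->prepare('UPDATE lodges SET Lodge = ? WHERE LodgeID = ? AND UserID = ?');
    $st->execute([$name, $lodgeId, $userId]);
    return $st->rowCount() === 1;
}

// Each line prints whether the operation reached a row.
var_dump(findLodgeUnscoped($db, $lodgeId) !== false);            // another user's lodge, URL filter only
var_dump(findLodgeForOwner($db, $lodgeId, $userId) !== false);   // same request, ownership enforced
var_dump(renameLodgeForOwner($db, $lodgeId, $userId, 'Renamed')); // update aimed at another user's lodge
var_dump(renameLodgeForOwner($db, 1, $userId, 'Pine Lodge (updated)')); // update of the user's own lodge
```

When the scoped lookup returns no row, the update page should stop before rendering the form rather than show empty fields.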

iainmacdonald331081

Thanks Jason - perfect!
