Alternative to URL Parameter?
I'm working on a project that has registration / login for site owners / admin and also trade users. Its all working fine with the registration /login / password reminder / update profile etc.
The site also includes pages listing details of lodge properties, which are initially created by the site owners using a database. I am now adding pages that will allow the owners of the lodges (trade users) to edit some of the details when they are logged in.
I have this all working, using the SecurityAssist_UserID session variable to list Lodges where the UserID field matches that Session variable, and a URL parameter to view the Update page.
So a standard link:
<a href="../updateLodge/index.php?LodgeID=<?php echo(rawurlencode($row_SecurityAssisttradeusers['LodgeID'])); ?>"><?php echo $row_SecurityAssisttradeusers['Lodge']; ?></a>
To:
$query_WADAlodges = sprintf("SELECT * FROM lodges WHERE LodgeID = %s", GetSQLValueString($colname_WADAlodges, "int"));
Type thing.
Which does all work, but I realised that a different lodge's details could obviously still be viewed there just by changing the ID at the end of the URL.
So my question is whether or not there's an alternative method using Sessions (which I always seem to have a mental block with) that would prevent that from being possible?
I've attached a couple of pages for reference.
Thanks again.