close ad
Databridge V2 with MySQLi support IS Now Available!
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

Edit a record

Thread began 11/21/2012 7:34 pm by thehalpeen319342 | Last modified 11/27/2012 8:20 am by thehalpeen319342 | 741 views | 7 replies |

thehalpeen319342

Edit a record

Dear Jason: The registration form is almost ready to go live - thank God. Between yourself and Ray I've learned a lot about the power of WebAssist's Data Bridge. Let me also say that the support offered by WebAssist is excellent and you guys are very patient and great teachers. Anyway let's get on with my last query before I go live.

Please note that the figures I refer to below are on the attached pdf.

Attached is page with Family A and their members. At login the Household Id is captured in a session called SecurityAssist_familyID – each family has only one username and password .
I want to edit say Member No 17. Currently I am using a get/url variable - see code at bottom of Figure 1.

So I click on edit and I’m brought to the following page – members_update.php (Figure2). However the ID is visible in the address bar of the browser with the result that this user could easily change the details of another family member by just changing the id number in the address bar and editing the record.

How can I prevent this from possibly happening

Attached Files
Edit Record problem.pdf
Sign in to reply to this post

Ray BorduinWebAssist

You would update the recordset on the members_update.php page so that it filters with the url parameter for the memberID but also filters by the familyID from the session.

That way if they change the url parameter to another member in their family it would work, but if they try to change it to a member from a different family it would bring up a blank page or error message since no result would be found.

Sign in to reply to this post

thehalpeen319342

Ray/Jason, this part is new to me. I've never filtered with two variables. So are these the steps I take:
1. I open the Recordset
2. I switch to advanced
3. I click the plus sign
4. Name: ????? (no idea what to put in here – it won’t accept any name I give it – I get a message ‘[name] is an invalid name, it does not appear in the SQL’
5. Type: I keep Integer
6. Default Value: I enter -1
7. Runtime Value: I enter $_SESSION['SecurityAssist_familyID'] - this is the name of the session

I end up with what is on the attached page and I’m lost.

Attached Files
recordset.pdf
Sign in to reply to this post

Ray BorduinWebAssist

You are close.

1) open the Recordset
2) switch to Advanced
3) update the SQL statement and add: " AND FamilyIDColmn = paramPlaceholder" (paramPlaceholder can be anything really and FamilyIDColumn should be the column name from the database)
4) click the plus sign
5) enter the name paramPlaceholder (match whatever name you entered in step 3)
... the rest of your steps are correct

The only part you missed is what I have in step 3

Sign in to reply to this post

thehalpeen319342

Ray, I've done as you said, but I'm struggling with it at the moment - however, I'll keep trying. Got t0 leave it now till tomorrow, thanks.

Sign in to reply to this post

thehalpeen319342

Yippee, I got it to work, thanks again. I now understand understand the mechanics a bit better.

Having said that, I used 'WebAssist- Insert Record' for the first time and I don't understand what selecting the value does - it doesn't seem to matter if I select the ID from the form or the recordset - it works - see attached. So what is the purpose of this value - why does it not matter if you select either Id's (see attached)?

Attached Files
update record.pdf
Sign in to reply to this post

Ray BorduinWebAssist

Since the id from the form is set to the id from the recordset, they will be the same, so it wouldn't matter.

In some cases you may move the update before the recordset in the code so that if you don't redirect after update the recordset would reflect the updated values. In this case you would have to use the form element since the recordset would not have been created yet.

Sign in to reply to this post

thehalpeen319342

ok, It seems I don't need to worry about it. Thanks

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...