Email field from logged in user, insert to database.
I have created a form that is inserted into a database table. One of the form fields is email. The email field is displayed if the user has chosen to receive a reply by email. Everything works, but I wonder if it's safe, because I have a hidden field for email that is linked to a recordset that is filtered on logged in users:
$rsLoggedin->bindParam("s", "".(isset($_SESSION['SecurityAssist_UserID'])?$_SESSION['SecurityAssist_UserID']:"") ."", "-1"); //WAQB_Param1
<!-- Email address - logged in -->
<?php if(WA_Auth_RulePasses("Logged in to users")){ // Begin Show Region ?>
<input name="buc_tipEmail" type="hidden" id="buc_tipEmail" value="<?php echo($rsLoggedin->getColumnVal("UserEmail")); ?>">
<?php } // End Show Region ?>
Or is there a safer way to do this?
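
Added example, not part of the original post and not WebAssist's own code: a hidden input is sent back by the browser and can be edited before the form is submitted, so the insert handler below ignores the posted `buc_tipEmail` and reads `UserEmail` on the server using the session user ID. The table names (`users`, `tips`), the `tipText` and `wantsReply` fields, the function `insertTip` and the use of PDO with an in-memory SQLite database are assumptions made for the illustration.

```php
<?php
// Added illustration. Assumed names: users/tips tables, tipText and
// wantsReply form fields, insertTip(). From the post: UserEmail,
// buc_tipEmail, $_SESSION['SecurityAssist_UserID'].

function insertTip(PDO $db, array $session, array $post): int
{
    // Identity comes from the server-side session only.
    $userId = $session['SecurityAssist_UserID'] ?? null;
    if ($userId === null) {
        throw new RuntimeException('Not logged in');
    }

    $email = null;
    // The browser only says whether a reply is wanted, never where to send it.
    if (!empty($post['wantsReply'])) {
        $stmt = $db->prepare('SELECT UserEmail FROM users WHERE UserID = ?');
        $stmt->execute([$userId]);
        $email = $stmt->fetchColumn();
        if ($email === false || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            throw new RuntimeException('No valid email on file');
        }
    }

    // $post['buc_tipEmail'] is deliberately never read.
    $stmt = $db->prepare('INSERT INTO tips (UserID, TipText, TipEmail) VALUES (?, ?, ?)');
    $stmt->execute([$userId, (string)($post['tipText'] ?? ''), $email]);
    return (int)$db->lastInsertId();
}

// Constructed demo data: one user and a tampered form submission.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (UserID INTEGER PRIMARY KEY, UserEmail TEXT)');
$db->exec('CREATE TABLE tips (TipID INTEGER PRIMARY KEY, UserID INTEGER, TipText TEXT, TipEmail TEXT)');
$db->exec("INSERT INTO users VALUES (7, 'alice@example.com')");

$session = ['SecurityAssist_UserID' => 7];
$post = ['tipText' => 'hello', 'wantsReply' => '1',
         'buc_tipEmail' => 'someone.else@example.net']; // edited hidden field

$id = insertTip($db, $session, $post);
$check = $db->prepare('SELECT TipEmail FROM tips WHERE TipID = ?');
$check->execute([$id]);
echo $check->fetchColumn(), PHP_EOL; // stored address is the one on file for user 7
```

With this pattern the hidden input can be dropped from the form entirely; if the address is shown to the user for confirmation, it is display-only and escaped with `htmlspecialchars()` on output.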