[FX.php List] Disallowing access thru modifying url?

Joel Shapiro jsfmp at earthlink.net
Mon Apr 24 11:28:53 MDT 2006


Hi all

What ways are there to limit record access to *only* clicked-on links?

When I get a list of records, clicking on any one of them links to  
their respective url, e.g.:
http://127.0.0.1/page.php?recid=1234

I do not want someone to be able to edit the url in their browser to  
view recid=6789
(I do open in a new browser window without the Address Bar, but  
certainly someone could get around that)

I had been using a simple IF clause at the top of page.php to ensure  
that the record's Parent_ID field match a previously set Session  
variable, but now I need to allow the viewing of other records  
(related further down the pipe) and such an IF clause is no longer so  
simple.

The recent thread between Dan and Kevin on using forms with hidden  
inputs and javascript seems like one option:
<FORM NAME="sub" METHOD="POST" ACTION="file1.php">
<input type="hidden" id="data" name="data" value="mydata">
</FORM>
<a href="file2.php"
ONCLICK="document.sub.submit(); return false;"
target="_blank">LINK TEXT HERE</a>


What other options are there?

TIA,
-Joel
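
One way to do what the question asks, shown as an added example (not part of the original post and not FX.php code): sign each recid with a per-session HMAC key when the list is rendered, and verify the signature at the top of page.php so that an edited recid no longer matches. The function names, the `sig` parameter and the `link_key` session entry are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original post or from FX.php.
// Hypothetical names: link_key(), signed_link(), link_is_valid(), "sig".

// Per-session secret kept server-side; the browser never sees it.
function link_key(array &$session): string
{
    if (empty($session['link_key'])) {
        $session['link_key'] = bin2hex(random_bytes(32));
    }
    return $session['link_key'];
}

// List page: build the link for a record the user is allowed to open.
function signed_link(string $recid, string $key): string
{
    return 'page.php?recid=' . rawurlencode($recid)
         . '&sig=' . hash_hmac('sha256', $recid, $key);
}

// Top of page.php: accept only a recid whose signature this session issued.
function link_is_valid(array $query, string $key): bool
{
    $recid = $query['recid'] ?? null;
    $sig   = $query['sig'] ?? null;
    if (!is_string($recid) || !is_string($sig) || !ctype_digit($recid)) {
        return false;
    }
    // hash_equals() compares in constant time.
    return hash_equals(hash_hmac('sha256', $recid, $key), $sig);
}

// Constructed demo: $session stands in for $_SESSION after session_start().
$session = [];
$key = link_key($session);
parse_str((string) parse_url(signed_link('1234', $key), PHP_URL_QUERY), $clicked);
$edited = ['recid' => '6789'] + $clicked;   // recid changed in the address bar

var_dump(link_is_valid($clicked, $key));             // link as issued by the list page
var_dump(link_is_valid($edited, $key));              // edited recid, original signature
var_dump(link_is_valid(['recid' => '6789'], $key));  // no signature supplied
```

In page.php the call would be `link_is_valid($_GET, link_key($_SESSION))` before any record is fetched. A hidden POST field can be edited by the user just as the query string can, so the same signature check applies if the form approach is used.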

