[FX.php List] Disallowing access thru modifying url?
Joel Shapiro
jsfmp at earthlink.net
Mon Apr 24 11:28:53 MDT 2006
Hi all
What ways are there to limit record access to *only* clicked-on links?
When I get a list of records, clicking on any one of them links to
their respective url, e.g.:
http://127.0.0.1/page.php?recid=1234
I do not want someone to be able to edit the url in their browser to
view recid=6789
(I do open in a new browser window without the Address Bar, but
certainly someone could get around that)
I had been using a simple IF clause at the top of page.php to ensure
that the record's Parent_ID field match a previously set Session
variable, but now I need to allow the viewing of other records
(related further down the pipe) and such an IF clause is no longer so
simple.
The recent thread between Dan and Kevin on using forms with hidden
inputs and javascript seems like one option:
<FORM NAME="sub" METHOD="POST" ACTION="file1.php">
<input type="hidden" id="data" name="data" value="mydata">
</FORM>
<a href="file2.php"
ONCLICK="document.sub.submit(); return false;"
target="_blank">LINK TEXT HERE</a>
What other options are there?
TIA,
-Joel
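
One server-side way to get the "only clicked-on links" behaviour asked about above, as an added example that is not part of the original post or of FX.php: every link the server renders carries an HMAC of the recid under a per-session key, and page.php rejects any recid whose signature does not verify. The function names, the `sig` parameter and the `link_key` session entry are assumptions.

```php
<?php
// Added example; function names, 'sig' and 'link_key' are hypothetical.
session_start();

// One random key per session, kept server-side only.
function link_key(): string
{
    if (empty($_SESSION['link_key'])) {
        $_SESSION['link_key'] = random_bytes(32);
    }
    return $_SESSION['link_key'];
}

// MAC over page name and record id, so a signature issued for one page
// cannot be replayed against another page.
function recid_sig(string $page, string $recid): string
{
    return hash_hmac('sha256', $page . '|' . $recid, link_key());
}

// Used wherever the server renders a link to a record (the list page,
// and links to related records further down the chain).
function signed_record_url(string $page, int $recid): string
{
    $query = ['recid' => $recid, 'sig' => recid_sig($page, (string) $recid)];
    return $page . '?' . http_build_query($query);
}

// Call at the top of page.php, before any FX.php query runs.
function require_signed_recid(string $page): int
{
    $recid = $_GET['recid'] ?? null;
    $sig   = $_GET['sig'] ?? null;
    $ok = is_string($recid) && ctype_digit($recid) && is_string($sig)
        && hash_equals(recid_sig($page, $recid), $sig);
    if (!$ok) {
        http_response_code(403);
        exit('Forbidden');
    }
    return (int) $recid;
}

// List page:  echo htmlspecialchars(signed_record_url('page.php', 1234));
// page.php:   $recid = require_signed_recid('page.php');
```

A valid signature only shows that this session was handed the link, so the query that builds the list must itself return only records the user may see. The links stay valid until the session ends.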