PeterE | Posted: 02/03/2004, 10:06 AM
Hi,
Let's say I have a table with customer-information (name, address,
product of choice etc), each customer is assigned to a specific dealer.
After logging in I want only to show the customer-information that
belongs to the logged-in specific dealer.
How to do that with CC, MySQL and PHP?
Help welcome for this newbie!
PeterE
|
|
|
DonB | Posted: 02/03/2004, 11:17 AM
Ensure you have the UserID embedded in the WHERE for all queries. (i.e.,
"WHERE userID = x"). Be sure to use the CCGetUserID() function, and not
rely on a userid value taken off the URL (querystring). Otherwise, the
clever user might be able to access information they shouldn't by changing
the address bar of their browser.
--
DonB
http://www.gotodon.com/ccbth
"PeterE" <nospam@nospam.nl> wrote in message
news:bvonuo$1ml$1@news.codecharge.com...
> Hi,
>
> Let's say I have a table with customer-information (name, address,
> product of choice etc), each customer is assigned to a specific dealer.
>
> After logging in I want only to show the customer-information that
> belongs to the logged-in specific dealer.
>
> How to do that with CC, MySQL and PHP?
>
> Help welcome for this newbie!
>
> PeterE
>
|
|
|
PeterE | Posted: 02/04/2004, 9:30 AM
Great, I was thinking in that direction.
But I am not sure how to use CCGetUserID()?
Peter
DonB wrote:
>Ensure you have the UserID embedded in the WHERE for all queries. (i.e.,
>"WHERE userID = x"). Be sure to use the CCGetUserID() function, and not
>rely on a userid value taken off the URL (querystring). Otherwise, the
>clever user might be able to access information they shouldn't by changing
>the address bar of their browser.
>
>
>
|
|
|
DonB | Posted: 02/04/2004, 10:16 AM
Just insert the function (it has no parameters) wherever you want the
userid.
--
DonB
http://www.gotodon.com/ccbth
"PeterE" <nospam@nospam.nl> wrote in message
news:bvra6v$uvr$1@news.codecharge.com...
> Great, I was thinking in that direction.
> But I am not sure how to use CCGetUserID()?
>
> Peter
>
> DonB wrote:
>
> >Ensure you have the UserID embedded in the WHERE for all queries. (i.e.,
> >"WHERE userID = x"). Be sure to use the CCGetUserID() function, and not
> >rely on a userid value taken off the URL (querystring). Otherwise, the
> >clever user might be able to access information they shouldn't by changing
> >the address bar of their browser.
> >
> >
> >
>
|
|
|
|
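The check DonB describes, as an added example that is not part of the original thread or of CodeCharge's generated code: the same customer query filtered once by a querystring value and once by `CCGetUserID()`. Assumptions: a hypothetical `customers` table with a `dealer_id` column that matches the dealer's login ID, an in-memory SQLite database through PDO standing in for MySQL, and a stand-in `CCGetUserID()` that reads the session so the script runs outside a CodeCharge project.

```php
<?php
// Stand-in for CodeCharge's CCGetUserID() (no parameters, returns the
// logged-in user's ID). Assumption: it reads the server-side session.
if (!function_exists('CCGetUserID')) {
    function CCGetUserID() {
        return $_SESSION['UserID'] ?? null;
    }
}

// Constructed sample data (hypothetical schema): two dealers, three customers.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, dealer_id INTEGER)');
$db->exec("INSERT INTO customers (name, dealer_id) VALUES ('Alice', 1), ('Bob', 1), ('Carol', 2)");

// Weak: the dealer ID is taken from the querystring, so the filter follows
// whatever value is in the address bar.
function customersFromUrl(PDO $db, array $get): array {
    $stmt = $db->prepare('SELECT name FROM customers WHERE dealer_id = ? ORDER BY name');
    $stmt->execute([(int)($get['dealer_id'] ?? 0)]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Corrected: the dealer ID comes only from the login session; nothing in the
// request can change which rows are returned.
function customersForLoggedInDealer(PDO $db): array {
    $dealerId = CCGetUserID();
    if ($dealerId === null || $dealerId === '') {
        return []; // not logged in: return no rows at all
    }
    $stmt = $db->prepare('SELECT name FROM customers WHERE dealer_id = ? ORDER BY name');
    $stmt->execute([(int)$dealerId]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Simulated request: dealer 1 is logged in, but the URL names dealer 2.
$_SESSION = ['UserID' => 1];
$_GET = ['dealer_id' => 2];

echo 'Filter from URL:     ', implode(', ', customersFromUrl($db, $_GET)), PHP_EOL;
echo 'Filter from session: ', implode(', ', customersForLoggedInDealer($db)), PHP_EOL;
```

The same WHERE condition has to be present on every query that touches dealer-owned rows, including record, update and delete pages, not only the listing.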