CodeCharge Studio
search Register Login  

Visual PHP Web Development

Visually Create Internationalized Web Applications, Web Reports, Calendars, and more.
CodeCharge.com

YesSoftware Forums -> CodeCharge Studio -> PHP

 info from table only partly available to specific user

 Print topic Send topic

Author Message
PeterE
Posted: 02/03/2004, 10:06 AM
Hi,

Lets say I have a table with customer-information (name, adress,
product of choice etc), each customer is asigned to a specific dealer.

After logging in I want only to show the customer-information that
belongs to the logged-in specific dealer.

How to do that with CC, MySQL and PHP?

Help welcome for this newbie!

PeterE
DonB
Posted: 02/03/2004, 11:17 AM
Ensure you have the UserID embedded in the WHERE for all queries. (i.e.,
"WHERE userID = x"). Be sure to use the CCGetUserID() function, and not
rely on a userid value taken off the URL (querystring). Otherwise, the
clever user might be able to access information they shouldn't by changing
the address bar of their browser.

--
DonB

http://www.gotodon.com/ccbth


"PeterE" <nospam@nospam.nl> wrote in message
news:bvonuo$1ml$1@news.codecharge.com...
> Hi,
>
> Lets say I have a table with customer-information (name, adress,
> product of choice etc), each customer is asigned to a specific dealer.
>
> After logging in I want only to show the customer-information that
> belongs to the logged-in specific dealer.
>
> How to do that with CC, MySQL and PHP?
>
> Help welcome for this newbie!
>
> PeterE
>
PeterE
Posted: 02/04/2004, 9:30 AM
Great, I was thinking in that direction.
But I am not sure how to use CCGetUserID()?

Peter

DonB wrote:

>Ensure you have the UserID embedded in the WHERE for all queries. (i.e.,
>"WHERE userID = x"). Be sure to use the CCGetUserID() function, and not
>rely on a userid value taken off the URL (querystring). Otherwise, the
>clever user might be able to access information they shouldn't by changing
>the address bar of their browser.
>
>
>
DonB
Posted: 02/04/2004, 10:16 AM
Just insert the function (it has no parameters) wherever you want the
userid.

--
DonB

http://www.gotodon.com/ccbth


"PeterE" <nospam@nospam.nl> wrote in message
news:bvra6v$uvr$1@news.codecharge.com...
> Great, I was thinking in that direction.
> But I am not sure how to use CCGetUserID()?
>
> Peter
>
> DonB wrote:
>
> >Ensure you have the UserID embedded in the WHERE for all queries. (i.e.,
> >"WHERE userID = x"). Be sure to use the CCGetUserID() function, and not
> >rely on a userid value taken off the URL (querystring). Otherwise, the
> >clever user might be able to access information they shouldn't by
changing
> >the address bar of their browser.
> >
> >
> >
>

Add new topic Subscribe to topic   


These are Community Forums for users to exchange information.
If you would like to obtain technical product help please visit http://support.yessoftware.com.

Internet Database

Visually create Web enabled database applications in minutes.
CodeCharge.com

Home   |    Search   |    Members   |    Register   |    Login


Powered by UltraApps Forum created with CodeCharge Studio
Copyright © 2003-2004 by UltraApps.com  and YesSoftware, Inc.