> Hidden fields are only hidden from users that don't know there is a "view
> source" function in their browser.
>
> If you use a hidden field to "secure" some data you don't want the user to
> see, then be aware they have ways to see it anyhow. This can be even more
> insidious if they are a malicious user and use software that let's them
> modify the hdden value before it gets sent back - imagine this was your
> social security number and they changed it to theirs.
>
> Or suppose they ordered something that cost $500 and they were clever
enough
> to change the hidden value to $1 and ordered 500 of them. Your
application
> might accept the order at the wrong price because you assumed the hidden
> value could not be changed.
>
> --
> DonB
>
>
http://www.gotodon.com/ccbth
>
>
>
>
Quote Michael Mikkelsen:
> I would get the company ID first and then incorporate it into your SQL
> statement when you pull data from the database as well as add data to the
database.
>
> This is how you would get that variable using custom code.
>
> global $DBConnection1;
> $CompanyID = CCDLookUp("companyID","users","user_id=".CCGetUserID(),
> $DBConnection1);
>
>
>
> I've one similar thing:
> //Custom Code @13-BC68F432
> // -------------------------
> global $test;
> global $DBConnection1;
> $userLogin = CCDLookUp("user_login","user","user_id=".CCGetUserID(),
> $DBConnection1);
> echo $userLogin ;
> // -------------------------
> //End Custom Code
>
> and indeed i get what i need but what do I next?
> This code is in test.php in which I - let's say - need a list filtered to
> that userLogin / userID....
> I have implemented the grid with datacode quary userID = userID via
> sessions, tried userLogin = userLogin via session AND IT DOES NOT WORK
>