hi,
so my problem is:
i have a web page that produces a list [ul].
the list is the list of ftp sites that belong to a specific user in the database
example:
select * from user_ftps where user_id = 'x'
great! that works fine.
in this case i get three sites back belonging to the user. perfect.
i also put a hyper link with a 'get' in the output so the user can click edit and edit the site they want.
like so:
if (mysql_num_rows($result) > 0) { while(list($db_id, $db_user_id, $db_name) = mysql_fetch_row($result)) { echo "<li>$db_name [<a href="ftps/edit?id=$db_id">edit</a>]</li>"; } }
the problem is, using this method the user can alter the id in the url to the number of another user and see all their ftp sites.
"Use Post with a hidden value" i hear you say. but if i do that i'll need to create a button for each 'edit' link. i think.
not really a problem i surpose. but i want to know if there is a better way i can do this or if i'm just approching this in the wrong way and should be using a different method.
regards,
paul