Keeping Form Variable in Memory

Forum Moderators: coopster

Message Too Old, No Replies

Keeping Form Variable in Memory

inveni0

9:00 pm on Feb 9, 2006 (gmt 0)

I have a page where users enter a "control panel" by entering a secret ID into a form. The control panel displays an edit record form. The recordset is filtered with the $ID variable that was passed by the login screen.

When people update a record, the site stays on the same page. How do I get the $ID variable to stay with it without using sessions? I tried using a hidden field, but it didn't work.

coopster

5:20 pm on Feb 13, 2006 (gmt 0)

Why didn't it work?

To carry a variable from one request to the next you have a few options including sessions, cookies, hidden form fields and URL query string. It would seem to me that they could easily bypass your login if you aren't using a session though. Especially if you are allowing them to perform updates on certain areas depending on them telling you who they are. What stops them from altering that ID and changing somebody else's information? Seems to me there are some integrity implications here.

inveni0

6:31 am on Feb 15, 2006 (gmt 0)

Well, the ID is a secret, like a passphrase. I'm requiring everyone now to create a username and passphrase, however. The only way the system could be hacked is if someone were to discover the username and password of an account (which is a problem you can't get around on any system).

coopster

5:27 pm on Feb 15, 2006 (gmt 0)

How are you passing the userid and password along then? You know, in order to check in the next area that they have already logged in?