Posted by Good Man on 10/19/82 11:45
MaXX <bs139412@skynet.be> wrote in
news:e258nf$pbt$1@talisker.lacave.net:
> The problem is if I'm a nasty guy I just write my own form and delete
> any record I want (since I'm auth'd) by just sending another id.
In your database, add a column called "keystring" and index it. Populate
it with 18 characters or so (write a PHP function that does this at the
same time you enter the info in the database). So, this 'keystring' for
record 1 might be '9jfhdsufs8ywre' while record 2 might be
'agsadgiwqegiqw'.

Since the keystring is indexed, you can delete it from your DB by calling
"DELETE FROM so_and_so WHERE Keystring='9jfhdsufs8ywre'". Chances are
pretty damn slim that someone will be able to guess any keystring and
therefore alter records.

I use this technique often, especially when allowing users access to pick
up files.
See ya
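
An added example, not part of the original post or the poster's own code: the keystring approach sketched in PHP with PDO and an in-memory SQLite database (needs the pdo_sqlite extension). The table and column names, the use of random_bytes() to build the keystring, and the extra owner_id condition on the DELETE are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database; table and column names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// The UNIQUE constraint also gives the keystring column its index.
$db->exec('CREATE TABLE files (
    id INTEGER PRIMARY KEY,
    owner_id INTEGER NOT NULL,
    name TEXT NOT NULL,
    keystring TEXT NOT NULL UNIQUE
)');

// 9 bytes from the CSPRNG, hex-encoded to 18 characters.
function new_keystring(): string
{
    return bin2hex(random_bytes(9));
}

// Create the keystring at the same time the row is inserted.
function add_record(PDO $db, int $ownerId, string $name): string
{
    $key = new_keystring();
    $stmt = $db->prepare(
        'INSERT INTO files (owner_id, name, keystring) VALUES (?, ?, ?)'
    );
    $stmt->execute([$ownerId, $name, $key]);
    return $key;
}

// Delete by keystring, never by the sequential id. The owner_id condition
// is an addition in this example: it ties the delete to the logged-in user.
function delete_record(PDO $db, int $sessionUserId, string $key): bool
{
    if (!preg_match('/\A[0-9a-f]{18}\z/', $key)) {
        return false; // malformed value, rejected before any query runs
    }
    $stmt = $db->prepare(
        'DELETE FROM files WHERE keystring = ? AND owner_id = ?'
    );
    $stmt->execute([$key, $sessionUserId]);
    return $stmt->rowCount() === 1;
}

// Constructed sample rows: user 1 and user 2 each own one file.
$aliceKey = add_record($db, 1, 'report.pdf');
$bobKey   = add_record($db, 2, 'invoice.pdf');

var_dump(delete_record($db, 1, '2'));       // a sequential id sent as the key
var_dump(delete_record($db, 1, $bobKey));   // another user's keystring
var_dump(delete_record($db, 1, $aliceKey)); // the owner's own keystring
```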