Hi All, I've had a look around but not sure if Im doing this all wrong. I am grabbing several id's from the database and using a href link to submit them and update them.
I don't want the individual ID's displayed so figured I create a session ID for each and pull the ID's out on the other side. I've used a loop to amend $loop to serviceID for each variable value and try to pull it out on the otherside.
Any help or pointers would be great
**** Create Session Variable ****
$query = "SELECT serviceName, serviceID FROM tblServices WHERE clientID='".$_SESSION['clientID']."'";
$result = mysql_query($query,$db);
while($row = mysql_fetch_array($result))
$serviceName = $row[serviceName];
$serviceID = $row[serviceID];
foreach($userData as $key => $value)
$_SESSION[$key] = $value;
$_SESSION['serviceID$sessionLoop'] = $serviceID;
**** Pull Session variable Out ****
$query = "UPDATE tblServices SET serviceName='' WHERE clientID='".$SESSION['clientID']."' AND serviceID='".$SESSION['serviceID$sessionLoop']."'";
So...out of confusion how does using a "$sessionLoop" number versus a User ID make it any more secure? When obviously, the ability to edit is listed on the page why would I care if Fred's ID is 5? What power do I gain by knowing Fred's ID? Once you answer those questions you can drop the complex mess and go back to something simple.
Yeh your right they are already logged in under there own client ID so why would they want to sabotage there own system!