
$strWhereClause

12/17/2009 10:55:59 AM
PHPRunner General questions
garethp (author, DevClub member)

Hi
I am unable to use the standard security as I need to have the security on a linked table.
Therefore, with the previous help of Jane, I have the following code on the list page: Before SQL query...

$strWhereClause = whereAdd($strWhereClause,"activity_users.username ='".$_SESSION["UserID"]."'");


This works great and restricts the records shown on the list page correctly.
However, I have a problem I have only just realised which could have been a disaster.
For example, I have 2 records in a table. With the added where clause I can only see record 2 on the list page - record 1 is not visible. When I click view for record 2 I am taken to the following page...

por_details_view.php?editid1=2


and I can see the record details.
However, if I change the page manually to...

por_details_view.php?editid1=1


I can now incorrectly see record 1, which I can not see in the list page. I do not want to be able to access this at all.
I presume I need to put some code in the view and edit events to achieve the same thing.
Please can you help? Many many thanks
Gareth

Sergey Kornilov admin 12/17/2009

You need to add the same code snippet to BeforeSQLEvent on Edit/View/Print pages to protect them as well.
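
The gap described in this thread, as an added example that is not code from the thread or from PHPRunner: a list query filtered by owner next to a view query keyed only on editid1, and the view query again with the same owner filter applied. The por_details table, the por_id link column and the sample rows are constructed for illustration; only activity_users.username and editid1 come from the posts, and the username is bound as a parameter rather than concatenated.

```php
<?php
// Constructed in-memory schema and rows; the real link column is not shown in the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE por_details (id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("CREATE TABLE activity_users (por_id INTEGER, username TEXT)");
$db->exec("INSERT INTO por_details VALUES (1, 'record 1'), (2, 'record 2')");
$db->exec("INSERT INTO activity_users VALUES (1, 'alice'), (2, 'gareth')");

// One definition of "rows this user may access", reused by every page.
const OWNER_SCOPE = " FROM por_details
    JOIN activity_users ON activity_users.por_id = por_details.id
    WHERE activity_users.username = :user";

// List page: already restricted to the logged-in user.
function listRecords(PDO $db, string $user): array {
    $st = $db->prepare("SELECT por_details.id, por_details.title" . OWNER_SCOPE);
    $st->execute([':user' => $user]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// View page as described in the question: looks up editid1 with no owner filter.
function viewUnscoped(PDO $db, int $editid1) {
    $st = $db->prepare("SELECT id, title FROM por_details WHERE id = :id");
    $st->execute([':id' => $editid1]);
    return $st->fetch(PDO::FETCH_ASSOC);
}

// View page with the list page's restriction added to the same lookup.
function viewScoped(PDO $db, string $user, int $editid1) {
    $st = $db->prepare("SELECT por_details.id, por_details.title"
        . OWNER_SCOPE . " AND por_details.id = :id");
    $st->execute([':user' => $user, ':id' => $editid1]);
    return $st->fetch(PDO::FETCH_ASSOC);   // false when the row is not the user's
}

$user = 'gareth';                                    // stands in for $_SESSION["UserID"]
var_dump(array_column(listRecords($db, $user), 'id'));  // ids shown on the list page
var_dump(viewUnscoped($db, 1) !== false);            // is record 1 readable without the filter?
var_dump(viewScoped($db, $user, 1) !== false);       // is record 1 readable with the filter?
var_dump(viewScoped($db, $user, 2) !== false);       // the user's own record
```

The same check applies to any page that takes the record key from the URL, including edit and print.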