Protect it?!? Only clever people need see this.
16 Oct 2001 18:16:21 Phil Cue posted:
Hi, hope you can urgently help. After logging in, I have a welcome page for those logged-in customers. However, this welcome page allows anyone to change the tail ends of the URL:
welcome_ie.asp?id=4
to see another customer's record simply by changing _ie.asp?id=4 to _ie.asp?id=14, for example. How would I prevent this? Using your excellent behaviours? I use UD1.
Thanks.
Replies
Replied 16 Oct 2001 18:30:36
16 Oct 2001 18:30:36 Owen Eastwick replied:
On your login page you have set the Form method to GET, which passes the parameters as a QueryString which is then tacked on to the end of the URL parameter as you can see in welcome_ie.asp?id=4.
Change the Form method to POST. Then use Request.Form("textFieldName") to pick up the parameter on the welcome page.
Should do it.
Regards
Owen.
Multiple Parameter UD4 / Access 2000 Database Search Tutorial:
www.tdsf.co.uk/tdsfdemo
Replied 18 Oct 2001 15:46:32
18 Oct 2001 15:46:32 Phil Cue replied:
DOH! Of course...cheers..
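An added example, not part of the original thread and not code from either poster: a sketch of welcome_ie.asp that takes the customer id from a server-side Session value set at login rather than from the request, so that a changed id= value (in the URL or in a posted form field) cannot select another customer's record. The Session key, login.asp, the Customers table and its columns, and the Application("ConnectionString") entry are assumed names.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example. Assumption: login.asp runs  Session("CustomerID") = <id>
' once, only after the password check has succeeded.
Const adInteger = 3, adParamInput = 1, adCmdText = 1

' 1. Identity comes from the server-side session, never from ?id= or a form field.
If IsEmpty(Session("CustomerID")) Then
    Response.Redirect "login.asp"      ' not logged in: stops processing here
End If

Dim customerId
customerId = CLng(Session("CustomerID"))

' 2. Old links may still carry ?id=. Refuse any value that is not the caller's own
'    id, so a tampered request is rejected (and shows up as a 403 in the IIS log).
Dim requestedId
requestedId = Trim(Request.QueryString("id"))
If Len(requestedId) > 0 And requestedId <> CStr(customerId) Then
    Response.Status = "403 Forbidden"
    Response.End
End If

' 3. Look the record up with the session id, bound as a parameter.
Dim conn, cmd, rs
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnectionString")   ' assumed to be set in global.asa

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT FirstName FROM Customers WHERE CustomerID = ?"
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , customerId)

Set rs = cmd.Execute
If Not rs.EOF Then
    ' Encode on output; & "" turns a Null column into an empty string.
    Response.Write "Welcome, " & Server.HTMLEncode(rs("FirstName") & "")
End If

rs.Close
conn.Close
Set rs = Nothing
Set cmd = Nothing
Set conn = Nothing
%>
```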