Hi, hope you can urgently help.

After logging in, I have a welcome page for those logged in customers. However this welcome page allows anyone to change the tail ends of the URL:
welcome_ie.asp?id=4

to see another customers record simply by changing _ie.asp?id=4 to _ie.asp?id=14 for example, how would I prevent this. Using your excellent behaviours? I use UD1.

Thanks.

On your login page you have set the Form metod to GET, which passes the paramaterers as a QueryString which is then tacked on to the end of the URL parameter as you can see in <b>welcome_ie.asp?id=4</b>.

Change the Form method to POST. Then use Request.Form("textFieldName" to pick up the parameter on the welcome page.

Should do it.

Regards

Owen.

Multiple Parameter UD4 / Access 2000 Database Search Tutorial:
www.tdsf.co.uk/tdsfdemo

DOH! Of course...cheers..


On your login page you have set the Form metod to GET, which passes the paramaterers as a QueryString which is then tacked on to the end of the URL parameter as you can see in <b>welcome_ie.asp?id=4</b>.

Change the Form method to POST. Then use Request.Form("textFieldName" to pick up the parameter on the welcome page.

Should do it.

Regards

Owen.

Multiple Parameter UD4 / Access 2000 Database Search Tutorial:
www.tdsf.co.uk/tdsfdemo