January 30, 2006

I've built a web site using FileMaker as the back end and FX.php as the class to access the FileMaker data. I've got it working but it's insecure. For instance, there's a link for editing a record that looks like this: Edit

This results in a URL that includes the entry ID, which means that anyone can simply enter the URL and be able to edit that entry. This would seem to be a problem that someone else has solved. I've been thinking that perhaps the use of PHP sessions is the answer. When the user logs in successfully, I store a session variable with the account ID. If the session variable exists, then I check the entry's account ID against the session account ID and continue only if they are the same. However, any other suggestions would be appreciated.

Thanks, Chuck
January 30, 2006

Sessions seem to be the way to go. You could use forms to hide parameters from the URL. However, it is only slightly more secure.

All the best. Garry
January 30, 2006

I second Garry on the use of SESSIONS. You can keep a lot of information about the user in the session and save going back to the database for additional queries.
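
The session check described in the first post, as an added example that is not part of the original thread: the entry ID from the request is treated as untrusted, and the account ID is read only from the session. The function names, the sample records and the numeric-ID rule are assumptions; `fetch_entry()` stands in for the FileMaker query made through FX.php.

```php
<?php
// Added example; all names are hypothetical, not from the thread or FX.php.

// Constructed sample records standing in for the FileMaker lookup.
const SAMPLE_ENTRIES = [
    '101' => ['account_id' => '7', 'title' => 'First entry'],
    '102' => ['account_id' => '9', 'title' => 'Second entry'],
];

function fetch_entry(string $entryId): ?array
{
    return SAMPLE_ENTRIES[$entryId] ?? null;
}

// Call after the password check succeeds; assumes session_start() already ran.
function on_login_success(string $accountId): void
{
    session_regenerate_id(true);           // fresh session ID at login
    $_SESSION['account_id'] = $accountId;  // stored server-side only
}

// $requestedId arrives in the URL or a hidden form field, so the client
// controls it either way; only the session's account ID is trusted.
function authorize_edit(array $session, $requestedId): array
{
    if (empty($session['account_id'])) {
        return ['status' => 401, 'entry' => null];  // not logged in
    }
    // Assumption: entry IDs are numeric strings.
    if (!is_string($requestedId) || !ctype_digit($requestedId)) {
        return ['status' => 400, 'entry' => null];
    }
    $entry = fetch_entry($requestedId);
    // "No such entry" and "not your entry" get the same answer.
    if ($entry === null || $entry['account_id'] !== (string) $session['account_id']) {
        return ['status' => 404, 'entry' => null];
    }
    return ['status' => 200, 'entry' => $entry];
}

// Constructed requests: owner, another account's entry, no login, malformed ID.
if (PHP_SAPI === 'cli') {
    $cases = [[['account_id' => '7'], '101'], [['account_id' => '7'], '102'],
              [[], '101'], [['account_id' => '7'], 'abc']];
    foreach ($cases as [$session, $id]) {
        echo $id, ' -> ', authorize_edit($session, $id)['status'], PHP_EOL;
    }
}
```

Run the same check in the script that saves the edit, not only in the one that displays the form.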