tags:

views:

286

answers:

1
Q: 

Session Variables, Hidden Fields and Tables

Ok, would this work?

When a user logins a session variable is created. Then using the session variable I am able to put into a hidden field the correct user's ID number. The hidden field is in a form that allows the user to add comments. So from the hidden field the user ID is added to the 'comments' table from the 'users' table?

Thanks for the help. If it won't work, is there a reason why? What should I do to make it work if it won't?

Also, I'm using ColdFusion, MYSQL and Dreamweaver if it makes any difference. cheers.

+1  A: 

You don't need hidden field of the user id on the form.

When the user send in a form, just access the session scope directly.

so.. when user logged in, store userid in SESSION.userid

when the form posted, get SESSION.userID and FORM.fieldXXX and go from there.

Henry  2009-12-01 22:56:26
OK, great thanks!
Bridget  2009-12-01 23:01:48
Moreover, you should *never* put something like the userid somewhere a user can edit it -- form, cookie, etc. Keeping it in the session scope renders it uneditable, but as soon as you rely on the client to return it correctly, you're asking for impersonations.
Ben Doom  2009-12-01 23:02:17

related questions

What language do you use for Postgresql triggers and stored procedures?
Are Multiple DataContext classes ever appropriate?
Which tools do people use to create Data Dictionaries?
Any experiences with Protocol Buffers?
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
How do I index a database field
How does database indexing work?
How do I connect to a database and loop over a recordset in C#?
Editing database records by multiple users
Object Oriented vs Relational Databases
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
Embedded Database for .net that can run off a network
Connect PHP to an AS/400
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
.NET Migrations Engine
Is there a version control system for database structure changes?
SQLite and XSD
How do I version my MS SQL database in SVN?
XSD DataSets and ignoring foreign keys
Flat File Databases in PHP
Throw Error In MySQL Trigger
Binary Data in MySQL