electofaysal
Posts: 7
|
| Posted: 06/15/2004, 5:01 AM |
|
Hello all.
Just Downloaded the Eval version and i was totally blown away, it's an awesome tool.
Ok here's the problem:
I have Two Tables User And Bizness, The basic Logic being a user adds a business listing into the business table, Which has a Autoincremented Primary Key.
To assign this listing to THAT specific user i need to enter the userID into the Biz Table, for this i wanna use the Sessions Parameter UserID.
This much seems simple, but how do i do it on an insert ? Ofcourse the user is logged in so his UserID is in the Session variable, how do i modify the query to use the session UserID to enter the value instead of it picking it up from the form.
I tried making the userid field hidden and assigning the session UserID to it, but that too i cant figure out.
Help would be much appreciated.
|
 |
 |
ngfell
Posts: 1
|
| Posted: 06/15/2004, 7:47 AM |
|
What I did was add a TextBox to the form and set the default value to CCGetSession("UserID"). Then I made the TextBox hidden after I verified that the userID was going in. Hope this helps.
|
|
|
|
peterr
Posts: 5971
|
| Posted: 06/15/2004, 9:43 AM |
|
The hidden field is a good solution, however there is one potential security issue with this - some people can save such form on their computer, modify the value of the hidden field and then submit the form with a fake user id.
Therefore it's usually good to use the "Before Insert" event of your form and add custom code such as shown in the docs, at http://docs.codecharge.com/studio/html/ProgrammingTechn...foreInsert.html
(when using this code you don't need to assign any default value to the hidden field).
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
|
|
|
Benjamin Krajmalnik
|
| Posted: 06/15/2004, 2:29 PM |
|
Peter,
Please correct me if I am wrong.
In order to accomplish this, there has to be a control on the form for the
UserID. I guess it could be hidden and primed to be blank. Otherwise, the
security issue still remains, does it not?
I had a similar need, and Hellen pointed me to the route of using the
df->table-:f("column") function.
Regards,
Benjamin
|
|
|
|
|
