How do I prevent a user from using each *.php?cat='
I got one form ... each category has a different ID...
Example:-
http://localhost/control/newdpppage/...bank.php?cat=3
http://localhost/control/newdpppage/...bank.php?cat=4
After login, each user goes to the page assigned to them ...
-The Question.. How do I prevent User1, who can see cat=3, from seeing the data on cat=4 assigned to User2?
Thank you
I use JavaScript for that
JavaScript Code:
<SCRIPT language=JavaScript>
function reload(form){
    // Read the selected category ID, then reload the page with it in the query string
    var val = form.cat.options[form.cat.options.selectedIndex].value;
    self.location = 'dpp_add_lorthbank.php?cat=' + val;
}
</script>
You cannot prevent someone from changing the URL. You can only use some authorization mechanism to check whether the user is allowed to access that category and deny the access if he/she is not authorized. But do this on the server side as you cannot control the client side.
From what you're requesting, there is some relation between user and categories. This should be implemented in the database. Use a session variable to store the userid (and maybe an array of allowed categories), then you won't depend on the requested cat querystring.
Yes, the better option is to change the server-side code to show a restriction or redirect to a user-specified page when an invalid cat id is triggered.
I tried this and it works fine :)
$uid = (int) $_SESSION['uid'];
$cat = (int) $_GET['cat']; // cast to int so the cat parameter cannot inject SQL
$sql = mysql_query("select * from usercategory where uid=" . $uid . " AND catid=" . $cat);
if (mysql_num_rows($sql)) {
    // let the user do stuffs
} else {
    // redirect to error page or
    die("you dont have permission to this category");
}
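The server-side check the answers describe, as an added example that is not part of the original posts: it validates the cat value, looks up the user-to-category mapping with a bound-parameter query, and denies anything not assigned to the logged-in user. The usercategory table with uid and catid columns follows the last answer; the function name userMayAccessCategory, the PDO/SQLite in-memory database and its rows are assumptions constructed for the demo.

```php
<?php
// Added example: per-user category authorization done on the server.
// Table/column names (usercategory, uid, catid) follow the answer above;
// the in-memory SQLite database and its rows are constructed sample data.

// Hypothetical helper: true only if $uid is mapped to the requested category.
function userMayAccessCategory(PDO $db, int $uid, $rawCat): bool
{
    // Accept only a positive integer; "4 OR 1=1", arrays and "" all fail here.
    $cat = filter_var($rawCat, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($cat === false) {
        return false;
    }
    // Bound parameters keep the request value out of the SQL text.
    $stmt = $db->prepare(
        'SELECT 1 FROM usercategory WHERE uid = :uid AND catid = :cat LIMIT 1'
    );
    $stmt->execute([':uid' => $uid, ':cat' => $cat]);
    return $stmt->fetchColumn() !== false;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE usercategory (
    uid INTEGER NOT NULL, catid INTEGER NOT NULL, PRIMARY KEY (uid, catid))');
// Constructed mapping: User1 -> cat 3, User2 -> cat 4.
$db->exec('INSERT INTO usercategory (uid, catid) VALUES (1, 3), (2, 4)');

// Simulated requests: [uid taken from the session, raw ?cat= value from $_GET].
// In the real page the uid comes from $_SESSION['uid'] set at login, never
// from the request, and a denial would call http_response_code(403) and exit.
$requests = [[1, '3'], [1, '4'], [2, '4'], [1, '4 OR 1=1'], [1, ['3']]];
foreach ($requests as [$uid, $rawCat]) {
    $status = userMayAccessCategory($db, $uid, $rawCat) ? 200 : 403;
    printf("uid=%d cat=%s -> HTTP %d\n", $uid, json_encode($rawCat), $status);
}
```

The same check has to run on every page and every form handler that accepts a cat value, not only on the page that renders the category list.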