>
> >I don't think there is any preferred method outside of just making sure
> >to apply your logic rules.
> >For example:
> >A press release will show up online if active=1 and pubdate < today.
> >Any SQL that gets PRs, whether it gets one PR or a list, should all obey
> >the same rule.
>
> Oops, I think I got the question a bit mixed up... I was
> thinking more along the lines of update and delete rather than select
>

This is no different though. In my example, the action was "View", and the
rule was, it must be active, etc.
For edit, let's say your rule is simply that session.isAdmin is defined and
true. If so, then you wrap your <cfquery> tag with a check on that.

Again note that we handle it server side. There is no messing with the query
string.

Another example: Assume a user can edit his records. In that case, your
SQL statements would first check to make sure that the user has access to
url.id, then you would do the update call.
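
The check-then-update pattern described in the message above, as an added example that is not part of the original post. The table and column names (press_releases, owner_id, title), session.userId, form.title and application.dsn are assumptions made for illustration.

```cfml
<!--- Added example. press_releases, owner_id, title, session.userId,
      form.title and application.dsn are assumed names, not from the thread. --->

<!--- url.id comes from the client, so validate its type before using it. --->
<cfparam name="url.id" type="integer">
<cfparam name="form.title" type="string">

<!--- No logged-in user on the server side means no edit at all. --->
<cfif NOT structKeyExists(session, "userId")>
    <cfheader statuscode="401" statustext="Unauthorized">
    <cfabort>
</cfif>

<!--- Step 1: does the logged-in user have access to url.id?
      The owner comes from the session, never from the query string. --->
<cfquery name="qAccess" datasource="#application.dsn#">
    SELECT id
    FROM press_releases
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
      AND owner_id = <cfqueryparam value="#session.userId#" cfsqltype="cf_sql_integer">
</cfquery>

<cfif qAccess.recordCount NEQ 1>
    <!--- Either the record does not exist or it belongs to someone else. --->
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>

<!--- Step 2: the update call. Repeating the owner predicate keeps the rule
      attached to the statement itself, so the UPDATE cannot touch another
      user's row even if the check above is later removed or bypassed. --->
<cfquery name="qUpdate" datasource="#application.dsn#">
    UPDATE press_releases
    SET title = <cfqueryparam value="#form.title#" cfsqltype="cf_sql_varchar">
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
      AND owner_id = <cfqueryparam value="#session.userId#" cfsqltype="cf_sql_integer">
</cfquery>
```

The same shape applies to delete: swap the UPDATE for a DELETE and keep both predicates in the WHERE clause.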