[thelist] Update on "Update Query not running"
Scott Brady
evolt at scottbrady.net
Wed Jan 23 06:19:51 CST 2002
rudy:
> hi scott (sorry about the mixup)
No problem. If I had a dollar for every time I screwed up someone's name .
. . well, I wouldn't be working on this code right now. :)
> did you try yoursql in the access query window? it works, right?
>
> isn't there something in odbc that you can set so that it will basically
> pass your sql through without parsing it?
When I say "it works" I mean that the query runs without updating any rows,
which is the same thing it does in the ColdFusion code.
> if it were me, now, i'd be ready to re-examine why i wasn't using a long
> integer instead...
Primarily security reasons. If someone looks at the user-id in their cookie
and sees that it's "32," there's nothing to stop them from changing it to
"31" and viewing other people's contact info, right, if they're already
logged in? [at least in IE6, it looks like I can just edit my cookies
without too much difficulty] If they screw around with a GUID, the odds of
them coming up with another user's ID is .. . very remote.
Thanks for all the suggestions. At least I've managed to find a workaround
(and it's only for updating that one table, so it's not a huge problem,
because there aren't many places where that table gets updated)
Scott
----------------------------------------------
Scott Brady
http://www.scottbrady.net/
More information about the thelist
mailing list