I'm having problems with URL access and wish I could stop this problem
#1

[eluser]cyberlacs[/eluser]
I'm having problems with URL access and wish I could stop this problem

See the example below

$links = anchor('andamento_controllers/form_insert_andamento/' . $row->tic_id, 'Reply');

As you can see, I am sending tic_id via the URL, and I realized that if you enter another id via the URL you have access to the information.

Example: andamento_controllers/form_insert_andamento/1

If I type 2 or 3 or 40 or 100, I will be redirected to the messages that are relevant to that id.

How do I block it?

Thank you
#2

[eluser]Stefan Hueg[/eluser]
If multiple users could have access to a record with your tic_id, you might create an access table containing the user_id and the tic_id and check on every request if there is a corresponding user_id -> tic_id entry.

If there is only a one-to-one relationship between users and your tic_ids, you could just put the user_id of the record in the same table where the tic_id is stored and check if the logged-in user_id and the user_id of your database record match.
#3

[eluser]cyberlacs[/eluser]
Thanks for answering, Stefan Hueg, I am very grateful.

One more question:

I have to pass this id without a url?

If that is possible, it would avoid other problems for me, so please let me know if you can.

I'm waiting

And I thank you very much.
#4

[eluser]cyberlacs[/eluser]
Look, I made a function that handles all the possible contingencies of a lookup.

Code:
public function ticket_code($code = NULL)
{
    $this->db->select('*');
    $this->db->from('ticket AS t');
    // Join each ticket to the login row of its owner
    $this->db->join('login AS l', 'l.log_codigo = t.log_codigo');
    $this->db->where('tic_codigo', $code);
    // Ownership check: the owner must be the user stored in the session
    $this->db->where('l.log_codigo', $this->session->userdata('id_login'));
    $this->db->not_like('t.tic_status', 'Open Ticket');
    return $this->db->get();
}

In testing here on my system, everything went perfectly; I think I got it right this time.

Thank you, but the answer is no need to pass parameters to go by url.
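
An added example (not code from the thread or from CodeIgniter itself) of the access-table check suggested in reply #2, enforced in the controller on every request. The `ticket_access` table, the model and the view names are hypothetical, and the session and database libraries are assumed to be autoloaded.

```php
<?php
// Added example: names marked "hypothetical" are assumptions, not from the thread.

// application/models/ticket_access_model.php (hypothetical model)
class Ticket_access_model extends CI_Model
{
    // TRUE only if a row in the hypothetical ticket_access table
    // links this user to this ticket.
    public function user_can_access($user_id, $tic_id)
    {
        // Reject missing or non-numeric ids before touching the database.
        if (empty($user_id) || !ctype_digit((string) $tic_id)) {
            return FALSE;
        }
        $this->db->from('ticket_access');
        $this->db->where('user_id', $user_id);
        $this->db->where('tic_id', (int) $tic_id);
        return $this->db->count_all_results() > 0;
    }
}

// application/controllers/andamento_controllers.php
class Andamento_controllers extends CI_Controller
{
    public function form_insert_andamento($tic_id = NULL)
    {
        $this->load->model('ticket_access_model');
        // The user id comes from the server-side session, never from the URL.
        $user_id = $this->session->userdata('id_login');

        if (!$this->ticket_access_model->user_can_access($user_id, $tic_id)) {
            // Same response for "does not exist" and "not yours", so the
            // URL does not reveal which ids are valid.
            show_404();
        }

        $data['tic_id'] = (int) $tic_id;
        $this->load->view('form_insert_andamento', $data); // hypothetical view
    }
}
```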