Hi all,
I am working on an online system where when the user logs on to the system a session is created, they view their folders and their uploaded files under a folder.
I am using query strings to display the list of files in a particular folder.
but the problem is, any one can change the query string value and access someone else's folder.
How can i prevent this from happening,
also please let me know what should i when the system checks for the presence of username and password entered by a user in the databse other than creating session....
help of any kind will deeply be appreciated.
I am working on an online system where when the user logs on to the system a session is created, they view their folders and their uploaded files under a folder.
I am using query strings to display the list of files in a particular folder.
but the problem is, any one can change the query string value and access someone else's folder.
How can i prevent this from happening,
also please let me know what should i when the system checks for the presence of username and password entered by a user in the databse other than creating session....
help of any kind will deeply be appreciated.