vang wrote:Is there another method to edit the db record without using the URL as i do not want user to mess around the url data and cause potential problem.
If you use $_GET['id'] to determine what to display in a form to the user, and then have the form submitted by the post method, then you should be okay. In such a case, you do not need to prevent the user from just changing the id value in the query string; rather, you use say, a session to determine that the user has the permission to view the form details corresponding to the entry with the given id.
